Detected malware disguising as a local Windows port - WritenAreGiven

Antivirus company ESET announced the discovery of DePriMon, a malicious bootloader that is able to create new local ports with the name "Windows Default Print Monitor".


Because of its complexity and modular architecture, the detected software can be considered an entire software platform.

According to ESET telemetry, DePriMon has been operating since March 2017. In a number of cases, DePriMon was distributed along with software belonging to the Lamberts cybercriminal group. 




It is also associated with Vault 7, a known leak of information from the CIA repository.

The malicious DePriMon has advanced functionality and a progressive architecture: the program is loaded into memory and executed as a DLL file. However, the file is not saved to disk.

At the same time, DePriMon has an advanced configuration with a set of interesting components and encryption that effectively protects its connection to the command-and-control (C&C) server.

Thus, DePriMon is a powerful, flexible and robust tool designed to download and execute components, as well as to collect information about the system and the user.

It is noteworthy that this software is the first example of Port Monitors type malware detected in a real environment.
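For defenders, the monitor name mentioned above can be checked against a host's registered print monitors. The script below is an added example, not code from ESET or from this article: it parses the text output of `reg query "HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" /s` and flags monitors that carry the reported name or fall outside a baseline. The registry location is standard Windows behaviour not stated in the article, and the baseline list and the abridged sample output are assumptions constructed for illustration.

```python
import re

ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors"
# Monitor name the article reports for DePriMon.
REPORTED_NAME = "windows default print monitor"
# Assumed baseline of stock monitors and their DLLs; replace with your gold image.
BASELINE = {"local port": "localspl.dll", "standard tcp/ip port": "tcpmon.dll",
            "usb monitor": "usbmon.dll", "wsd port": "wsdmon.dll"}

# Constructed, abridged sample of `reg query "<ROOT>" /s` output (not real telemetry).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port
    Driver    REG_SZ    localspl.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port
    Driver    REG_SZ    tcpmon.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports
    StatusUpdateInterval    REG_DWORD    0xa
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Windows Default Print Monitor
    Driver    REG_SZ    example-placeholder.dll
"""

def parse_monitors(text):
    """Return {monitor name: Driver value} for the direct subkeys of ROOT."""
    monitors, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith(ROOT.upper() + "\\"):
            sub = line[len(ROOT) + 1:].strip()
            current = sub if "\\" not in sub else None  # skip nested keys like <monitor>\Ports
            if current:
                monitors.setdefault(current, None)
        elif current and (m := re.match(r"\s+Driver\s+REG_\w+\s+(.+)", line, re.I)):
            monitors[current] = m.group(1).strip()
    return monitors

def review(text):
    """Return (name, driver, reasons) for every monitor that needs a closer look."""
    findings = []
    for name, driver in parse_monitors(text).items():
        reasons = []
        if name.lower() == REPORTED_NAME:
            reasons.append("name reported for DePriMon")
        expected = BASELINE.get(name.lower())
        if expected is None:
            reasons.append("not in baseline")
        elif (driver or "").lower() != expected:
            reasons.append("driver differs from baseline")
        if reasons:
            findings.append((name, driver, reasons))
    return findings
```

Calling `review(SAMPLE)` returns one finding, for the constructed "Windows Default Print Monitor" entry; a legitimate third-party printer monitor will also show up as "not in baseline" until it is added to the list.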
