It's bad enough if your computer is infected with malware, but what if hackers could simultaneously install 10 distinct strains of malware on it? That's exactly what a new hacking organization is now doing.
According to BleepingComputer, "malware cluster bombs," as security experts at KrakenLabs refer to them, are being used by a threat actor by the name of Unfurling Hemlock to infect susceptible PCs.
Unfurling Hemlock has reportedly already carried out these so-called malware cluster bomb strikes in ten different nations, although most of them appear to be directed at American targets, according to a recent blog post. The assaults initially started in February of last year, and because of their unique distribution strategy, it is simple to link them to the hacking organization.
This article contains all the information you need concerning malware cluster bomb assaults, as well as precautions you can take to stay safe from them.
Dropping a malware bomb
The original malware employed in these assaults is distributed primarily through malicious emails or through malware loaders that Unfurling Hemlock pays other hackers to use. In either case, a potential victim's PC becomes infected with a malicious executable called "WEXTRACT.EXE".
This malicious executable is a malware cluster bomb because it contains nested compressed cabinet files, with each level containing a distinct malware sample or another compressed file. Every one of them releases a distinct malware strain when it is unpacked on a victim's machine.
As the attack reaches its peak, all of these extracted files are run in reverse order, with the most recently extracted malware hitting the targeted device first. The experts at KrakenLabs claim that these malware cluster bombs contain varying numbers of malware samples, with each one having four to seven stages.
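The nesting and run order described above can be modelled for triage. The following is an added example, not code from KrakenLabs or the original article: a recursive walker that lists every sample inside a nested archive and the order the article says they run. Python's standard library has no cabinet reader, so ZIP stands in for CAB here; `build_sample`, `walk`, `run_order`, the limits and the inert payload names are hypothetical.

```python
import io
import zipfile

MAX_DEPTH = 10                   # assumed limit: stop on absurdly deep nesting
MAX_MEMBER = 64 * 1024 * 1024    # assumed limit: skip decompression bombs


def build_sample(stages):
    """Constructed test input: nested archives, one inert payload per level."""
    blob = None
    for level in range(stages, 0, -1):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(f"payload{level}.bin", f"inert sample {level}".encode())
            if blob is not None:
                zf.writestr(f"stage{level + 1}.zip", blob)
        blob = buf.getvalue()
    return blob


def walk(blob, depth=1, found=None):
    """Return [(depth, name, size)] for every non-archive member, outermost first."""
    found = [] if found is None else found
    if depth > MAX_DEPTH:
        raise ValueError(f"nesting deeper than {MAX_DEPTH} levels")
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_MEMBER:
                raise ValueError(f"{info.filename} exceeds size limit")
            data = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(data)):
                walk(data, depth + 1, found)   # another stage: recurse into it
            else:
                found.append((depth, info.filename, info.file_size))
    return found


def run_order(found):
    """Order described in the article: the last-extracted payload runs first."""
    return [name for depth, name, _ in sorted(found, key=lambda f: -f[0])]


if __name__ == "__main__":
    samples = walk(build_sample(5))
    print("stages:", max(depth for depth, _, _ in samples))
    for name in run_order(samples):
        print(name)
```

A scanner that inspects only the outer file sees one sample; walking every level is what exposes the full set.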
In an Unfurling Hemlock assault, a computer may be infected with backdoors, botnets, and info-stealers, among other sorts of malware. In these cluster bomb-style attacks, KrakenLabs has spotted the Redline stealer and several other well-known malware variants.
KrakenLabs did not address how Unfurling Hemlock is making money from these assaults, although BleepingComputer believes that the group may be capturing sensitive data via info-stealing software and subsequently selling this material to other hacker organizations.
How to stay safe from malware
The most crucial thing you can do to protect yourself against malware in general and from these cluster bomb-style attacks is to exercise additional caution while downloading files from the internet. You should never download or open a file from a source you don't trust, whether it's an executable from a dubious website or an attachment in a phishing email.
However, hackers employ a wide range of strategies, such as social engineering and creating a false sense of urgency, to persuade you to reply to their messages or download and open dubious files. This is where the best antivirus software can be useful.
When you do download something dubious, your antivirus program will flag the file to alert you to its potential dangers. Microsoft's built-in antivirus software ought to be able to block the majority of threats, but paid antivirus programs sometimes include helpful extras like a password manager or VPN. All you have to do is confirm that Windows Defender is enabled on your computer, which it normally is, as it is turned on by default.
These malware cluster bombs are among the most inventive attack techniques I've seen in a long time. Hackers are continually coming up with new ones. However, you should be able to prevent getting a terrible malware infection if you use caution when browsing the internet, stay away from downloading files from untrusted sources, and keep your computer's software up to date.