Research

The Nsag infector story continues

Since we last reported on Nsag infectors, we’ve seen quite a lot of new malware related to Nsag.

There’s no real point in continuing to refer to this malware as Smitfraud, so we won’t.

Overall, the malware is the same old thing, but in slightly different clothing. Nsag.b infectors have taken the place of Nsag.a infectors. Although these new infectors aren’t really innovating, the Trojan-Downloaders that install these infectors are.

Most Trojan-Downloader.Win32.Zlob variants download numerous pieces of malware – most notably a Nsag.b infector and Trojan.Win32.Puper variants.

Zlob is interesting because of the technique it uses to download files.
It uses a new method to inject code into explorer.exe. This way it can download the malicious files without alerting the firewall.

It would seem that the creators are refining the way the Nsag infector gets introduced to the system rather then building new features into the infector itself.

This once again shows that the author(s) means business. This story is far from over.

The Nsag infector story continues

Your email address will not be published. Required fields are marked *

 

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox