Malicious email delivers advanced malware with privilege escalation and evasion tactics

A sophisticated .cmd malware, delivered via a malicious email, has been analyzed by researcher Zoziel Pinto Freire for its advanced capabilities. The malware employs a multi-stage attack process, beginning with privilege escalation to gain administrative access and bypassing antivirus defenses. It then downloads further payloads, establishes persistence, and finally deletes itself to cover its tracks, as reported by Security Affairs.

The attack chain begins with the user receiving an email containing a URL that downloads an encoded .cmd file. This script executes PowerShell commands that relaunch it with the “RunAs” verb to obtain administrator privileges. Note that the RunAs verb does not bypass User Account Control: on a system with UAC enabled it triggers the consent prompt, so the elevation depends on the user approving it rather than on an exploited vulnerability. Once elevated, the script adds Windows Defender exclusions for specific directories and files, so the malicious components placed there are never scanned.

The malware then downloads a disguised file, likely a ZIP archive, from a shortened URL and extracts it to reveal a DLL and a binary executable. Persistence is established through a scheduled task named “IntelGraphicsTask”, a name that resembles a legitimate vendor maintenance task. The script concludes by forcing a system reboot and deleting itself to remove evidence of the initial infection.

Source: Security Affairs
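Each stage of the chain described above leaves a distinct host-level trace that a defender can correlate: a cmd.exe-spawned PowerShell asking for elevation with -Verb RunAs, a Defender configuration change touching an exclusion key, a new scheduled task whose command runs from a user-writable path, and a cmd.exe command line that deletes a .cmd script. The following is an added example, not code from the article or from the researcher's analysis. It is a Python stage correlator run over constructed sample events; the field layout is an assumption modelled on Sysmon event 1 (process creation), Windows Defender operational event 5007 (configuration change) and Security event 4698 (scheduled task created), and the paths and task command are illustrative, not indicators from the report.

```python
"""Stage correlation for the .cmd attack chain. Added example, not the
article's or the researcher's code; events and field names are constructed."""
import re

# Constructed sample telemetry (assumed field layout, see lead-in).
SAMPLE_EVENTS = [
    {"source": "Sysmon", "id": 1,
     "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r'cmd.exe /c "C:\Users\alice\Downloads\invoice.cmd"'},
    {"source": "Sysmon", "id": 1,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": (r"powershell -NoProfile -Command Start-Process cmd.exe "
                 r"-ArgumentList '/c C:\Users\alice\Downloads\invoice.cmd' -Verb RunAs")},
    {"source": "Defender", "id": 5007,
     "message": (r"Windows Defender Configuration has changed. New value: "
                 r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\ProgramData\Intel = 0x0")},
    {"source": "Security", "id": 4698,
     "task_name": r"\IntelGraphicsTask",
     "task_content": r"<Command>C:\ProgramData\Intel\igfxhost.exe</Command>"},
    {"source": "Sysmon", "id": 1,
     "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'cmd.exe /c shutdown /r /t 0 & del /f /q "C:\Users\alice\Downloads\invoice.cmd"'},
    # Benign noise: a Microsoft-owned task that must not trip the task heuristic.
    {"source": "Security", "id": 4698,
     "task_name": r"\Microsoft\Windows\Defrag\ScheduledDefrag",
     "task_content": r"<Command>%windir%\system32\defrag.exe</Command>"},
]

USER_WRITABLE = re.compile(r"(?i)(\\ProgramData\\|\\Users\\|\\Temp\\|\\AppData\\)")
SELF_DELETE = re.compile(r'(?i)\bdel\b[^&|]*\.(cmd|bat)"?')
EXCLUSION_KEY = re.compile(r"(?i)\\Exclusions\\(Paths|Extensions|Processes)\\")
RUNAS_VERB = re.compile(r"(?i)-verb\s+runas")


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def is_cmd_to_elevated_powershell(ev):
    """Stage 1: cmd.exe launches PowerShell that requests elevation via -Verb RunAs."""
    return (ev["source"] == "Sysmon" and ev["id"] == 1
            and _basename(ev["image"]) == "powershell.exe"
            and _basename(ev["parent"]) == "cmd.exe"
            and RUNAS_VERB.search(ev["cmdline"]) is not None)


def is_defender_exclusion_change(ev):
    """Stage 2: Defender configuration change whose new value is under an Exclusions key."""
    return (ev["source"] == "Defender" and ev["id"] == 5007
            and EXCLUSION_KEY.search(ev["message"]) is not None)


def is_suspicious_task(ev):
    """Stage 3: new task outside the Microsoft task folder whose command lives in a user-writable path."""
    return (ev["source"] == "Security" and ev["id"] == 4698
            and not ev["task_name"].lower().startswith("\\microsoft\\")
            and USER_WRITABLE.search(ev["task_content"]) is not None)


def is_script_self_delete(ev):
    """Stage 4: a cmd.exe command line that deletes a .cmd or .bat file."""
    return (ev["source"] == "Sysmon" and ev["id"] == 1
            and _basename(ev["image"]) == "cmd.exe"
            and SELF_DELETE.search(ev["cmdline"]) is not None)


STAGES = {
    "elevation_via_runas": is_cmd_to_elevated_powershell,
    "defender_exclusion": is_defender_exclusion_change,
    "persistence_task": is_suspicious_task,
    "self_delete": is_script_self_delete,
}


def correlate(events):
    """Map each stage name to the list of events that matched it."""
    hits = {name: [] for name in STAGES}
    for ev in events:
        for name, pred in STAGES.items():
            if pred(ev):
                hits[name].append(ev)
    return hits


def observed_stages(events):
    """Sorted names of the stages seen at least once in the event set."""
    return sorted(name for name, evs in correlate(events).items() if evs)


def is_chain(events, min_stages=3):
    """Raise an alert only when several distinct stages appear on one host."""
    return len(observed_stages(events)) >= min_stages


if __name__ == "__main__":
    for name in observed_stages(SAMPLE_EVENTS):
        print("matched stage:", name)
    print("chain detected:", is_chain(SAMPLE_EVENTS))
```

The individual predicates are deliberately narrow because each signal is noisy on its own: Defender event 5007 fires for any configuration change, so only the Exclusions registry path is matched, and scheduled-task creation is routine, so the heuristic requires both a non-Microsoft task folder and a command under ProgramData, Users, Temp or AppData. Alerting on three or more stages per host keeps the false-positive rate low while still catching a chain whose persistence binary name or task name differs from this sample.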
