Researchers at HP have discovered a new malware loader that they've dubbed SVCReady. While new malware strains are common, this one is distinct for a couple of different reasons.
Like many malicious programs, this spreads primarily via phishing email campaigns. One way that this new strain differs however, is the fact that the malware is loaded onto the target machine via specially crafted Word documents attached to the email.
The idea is that these Word documents leverage VBGA macro code to execute shellcode that's stored in the properties of the Word document. That's both new and dangerous.
The HP researchers found evidence that tracks the malicious code back to its origin in April of 2022, with the developers releasing several updates just one month later in May. The number of updates is suggestive of a large, well-organized team that is committed to continued development of their new toy.
Currently, SVCReady boasts the following capabilities:
- Download a file to the infected client
- Take a screenshot
- Run a shell command
- Check if it is running in a virtual machine
- Collect system information (a short and a "normal" version)
- Check the USB status, i.e., the number of devices plugged-in
- Establish persistence through a scheduled task
- Run a file
- And run a file using RunPeNative in memory
In addition to these capabilities, SVCReady can also fetch additional payloads from the command-and-control server. While the bullet points above are dangerous in their way, it is the last, recently added capability that makes the new malware strain especially dangerous. It enables the hackers to tailor the level of destruction for each infected target.
Worse, the new strain contains bits of code that lead the HP researchers to conclude that the threat actor TA551 may be behind it. This is a large, well-organized group with ties to multiple other hacking organizations and ransomware affiliates. That implies that SVCReady may soon become much more widely available than it is now.
You will want to be sure this one stays on your radar.
________________________________________________________________________________________________________
"Fortune Favors Who Value Time over Money!"
"TeQ I.Q. was the 1st IT Company to Deliver Cloud Solutions since 2003"
Tech issues taking up your Time?
"TeQ I.Q. Makes Your Technology Simple and Easy"
Do you have Tech Frustrations like your Computer, Internet, Phone, Cellphone, Camera, TV, Car?
"We Take Away Your Tech Frustrations and Give You the Free Time You Deserve!"
Call Robert to ask all your Technology questions.
We are giving a Free in Person TeQ Seminar at our office in La Mesa every Wednesday from 12pm-1pm and a Free TeQ Support Q&A from 1pm-2pm. Go to https://www.teqiq.com/events for our upcoming Events and https://www.teqiq.com/seminars for info on each Seminar.
For Free Consultation Call Now Robert Black at (619) 255-4180 or visit our website https://www.teqiq.com/
Chase Bank and Others Trust TeQ I.Q. with their IT and TeQnology so can you!
