AcidBox Malware Leveraging Turla Group’s Exploit to Target Russian Organizations | Cyware Alerts


To increase the impact and intensity of their cyberattacks, several cybercriminals have started targeting legitimate virtualization platforms used inside organizations. A new malware family was recently found exploiting bugs in the newer versions of VirtualBox.

AcidBox – The latest threat to virtualization

An analysis of the malware samples known to be used in Turla’s VirtualBox exploit showed that this malware has been used in highly targeted attacks.

  • Earlier this month, Palo Alto Networks’ Unit 42 found that a yet-to-be-identified cybergang had launched attacks against two different Russian organizations in 2017 by attacking the popular open-source virtualization software VirtualBox.
  • The cybergang developed an advanced malware, dubbed AcidBox, to abuse a bug (CVE-2008-3431) in the Windows Vista security mechanism called Driver Signature Enforcement (DSE). The malware also targeted a second DSE vulnerability tied to a signed VirtualBox driver (VBoxDrv.sys v1.6.2).
  • The malware, first seen in February 2020, targets the VirtualBox driver VBoxDrv.sys v1.6.2 as well as all later versions up to v3.0.0.

Innovative evasion mechanisms using VirtualBox

Recently, cybercriminals were also observed leveraging VirtualBox as an evasion technique to thwart antivirus vendors and virus researchers.

  • In May 2020, the RagnarLocker ransomware operators were observed deploying Oracle VirtualBox to dodge security by hiding their presence inside a Windows XP virtual machine on the infected computers.
  • In December 2019, ZeroCleare malware was found using a vulnerable but signed driver from a version of Oracle’s VirtualBox virtual machine software to bypass the driver signature check, allowing it to attack 64-bit versions of Windows.
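Both the AcidBox bullets above and the ZeroCleare item describe the same defensive concern: a legitimately signed but vulnerable VBoxDrv.sys being loaded so that Driver Signature Enforcement can be bypassed. The following is an added inventory check, not code from the Cyware or Unit 42 write-ups. It parses a constructed driver inventory (one driver per line: file name, path, file version, signed flag) and flags any VBoxDrv.sys whose version lies in the range the article gives (v1.6.2 up to v3.0.0); treating v3.0.0 as inclusive is an assumption, and the inventory format and sample rows are constructed for illustration.

```python
"""Flag loaded kernel drivers whose (name, version) falls in a known-vulnerable range.

Added illustration, not code from the Cyware/Unit 42 write-ups. The affected
range for VBoxDrv.sys (1.6.2 up to 3.0.0) comes from the article; the upper
bound is assumed inclusive. Inventory format and sample rows are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class DriverRecord:
    name: str      # driver file name as reported by the host, e.g. VBoxDrv.sys
    path: str      # on-disk location the driver was loaded from
    version: str   # file version string, e.g. "1.6.2.0"
    signed: bool   # whether the host reported a valid Authenticode signature


def parse_version(text):
    """Turn a dotted version string into a 4-tuple of ints for range comparison.

    Non-numeric suffixes in a component are dropped; missing components become 0.
    """
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 4:
        parts.append(0)
    return tuple(parts[:4])


# driver file name (lower-case) -> (lowest affected version, highest affected version)
VULNERABLE_DRIVERS = {
    "vboxdrv.sys": (parse_version("1.6.2"), parse_version("3.0.0")),
}


def parse_inventory(text):
    """Parse 'name,path,version,signed' lines; '#' lines and blanks are ignored."""
    records = []
    for line in text.strip().splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, path, version, signed = [f.strip() for f in line.split(",", 3)]
        records.append(DriverRecord(name, path, version, signed.lower() in ("yes", "true", "1")))
    return records


def find_vulnerable(records):
    """Return the records whose name is in VULNERABLE_DRIVERS and whose version is in range.

    A valid signature does not clear the driver: the whole point of the technique
    is that the vulnerable driver *is* legitimately signed.
    """
    hits = []
    for rec in records:
        bounds = VULNERABLE_DRIVERS.get(rec.name.lower())
        if bounds is None:
            continue
        low, high = bounds
        if low <= parse_version(rec.version) <= high:
            hits.append(rec)
    return hits


# Constructed sample inventory (not real host data).
SAMPLE_INVENTORY = """# constructed sample: name,path,version,signed
VBoxDrv.sys,C:\\Windows\\System32\\drivers\\VBoxDrv.sys,1.6.2.0,yes
VBoxDrv.sys,C:\\Temp\\VBoxDrv.sys,2.2.4.0,yes
VBoxDrv.sys,C:\\Windows\\System32\\drivers\\VBoxDrv.sys,6.1.10.0,yes
tcpip.sys,C:\\Windows\\System32\\drivers\\tcpip.sys,10.0.19041.1,yes
"""


if __name__ == "__main__":
    for hit in find_vulnerable(parse_inventory(SAMPLE_INVENTORY)):
        print(f"ALERT: vulnerable signed driver {hit.name} {hit.version} loaded from {hit.path}")
```

Feed it whatever your endpoint tooling exports for loaded kernel modules; the useful signal is a version in the affected range regardless of signature status or path, since a signed driver dropped into an unusual directory is exactly what this technique looks like on disk.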

Stay safe

Users should follow the fundamental principles of cybersecurity, such as keeping software and the host/guest operating systems up to date and restricting network access to critical services. Security teams should also monitor system activity regularly for any anomalies in normal behavior.


