Researchers at antivirus vendor Avast have identified a new malware attack that leverages Skype, Facebook Messenger, and other messaging applications.
We’re used to focusing on email being the primary delivery mechanism for any type of malware. But the folks at Avast have been monitoring a new family of malware that has been around since August of last year – Rietspoof. In January of this year, the malware changed tactics, using what Avast refers to as “a highly obfuscated Visual Basic Script with a hard-coded and encrypted second stage CAB file.” The CAB file expands into an executable that installs a downloader which communicates with a C&C server to deliver ransomware onto the infected endpoint.
Sound complex? That’s because it’s designed to be; this level of complexity is used to obfuscate the malicious nature of the attack. And the use of messenger apps as the initial delivery mechanism is somewhat unusual.
While not the first time messaging apps have been used to deliver malware, the real-time nature of this delivery mechanism may be unusual enough to fool users into clicking a malicious link.
Users need to be educated via Security Awareness Training to me watchful for unknown links in any chat window, just as they should be within emails and on the web. Additionally, proper antivirus and endpoint protection should be in place to provide a layered defense should malicious links – like that of Rietspoof – be clicked.