One of the most dangerous forms of ransomware has just evolved to be harder to spot
Malicious loaders delivered as self-extracting files hosted on Dropbox let the payload bypass detection.

Identified by Trend Micro, the new Cerber variant is, like most ransomware, delivered by a malicious phishing email. But rather than asking the victim to click a link that downloads an executable directly, these emails link to a Dropbox-hosted self-extracting archive, which unpacks and runs the Cerber payload once downloaded.
To evade detection and monitoring by security researchers, this version of Cerber also checks whether it is running inside a virtual machine or a sandbox, or whether certain security products are present on the machine. If it spots any of these, it stops running: the criminals behind it have a strong interest in their code not being analysed.
For the same reason, the actors behind Cerber have repackaged both the delivery method and the loader to get around security products that detect malicious files by their features rather than by signatures.
By wrapping the loader in a self-extracting archive, the attackers ensure the file a victim downloads need not look malicious at all, even to machine-learning tools that classify files on their structural features.
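The two evasion tricks described above, an archive hidden in a self-extracting stub and a loader that looks for VM and sandbox artifacts, both leave traces in the file itself. The following triage script is an added example written for this page, not code from ZDNet or Trend Micro: it locates the PE overlay (the bytes appended after the last section, where SFX stubs keep their archive), checks it for common archive signatures, and searches the file for a hypothetical list of VM/sandbox artifact strings that anti-analysis code typically looks for. The sample PE image it analyses is constructed inline and is not a real Cerber file.

```python
import struct

# Archive signatures that commonly sit in the overlay of a self-extracting (SFX) stub.
ARCHIVE_MAGICS = {
    b"Rar!\x1a\x07": "RAR",
    b"7z\xbc\xaf\x27\x1c": "7-Zip",
    b"PK\x03\x04": "ZIP",
}

# Strings that anti-analysis routines often look for (VM/sandbox artifacts).
# Hypothetical list for illustration; not taken from the Cerber sample.
VM_ARTIFACT_STRINGS = [
    b"VMware", b"VBoxService", b"vmtoolsd", b"SbieDll.dll", b"QEMU", b"Xen",
]


def pe_overlay_offset(data: bytes):
    """Return the file offset where the PE overlay begins (the end of the last
    section's raw data), or None if the buffer is not a parseable PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4                      # COFF file header follows the "PE\0\0" signature
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    sec_table = coff + 20 + opt_size          # section table follows the optional header
    end = 0
    for i in range(num_sections):
        entry = sec_table + 40 * i            # each IMAGE_SECTION_HEADER is 40 bytes
        if entry + 40 > len(data):
            return None
        raw_size, raw_ptr = struct.unpack_from("<II", data, entry + 16)
        end = max(end, raw_ptr + raw_size)
    return end


def archive_in_overlay(data: bytes):
    """Name the archive format whose magic appears in the overlay, else None."""
    start = pe_overlay_offset(data)
    if start is None or start >= len(data):
        return None
    overlay = data[start:]
    for magic, name in ARCHIVE_MAGICS.items():
        if magic in overlay:
            return name
    return None


def vm_check_strings(data: bytes):
    """List the VM/sandbox artifact strings present anywhere in the file."""
    return [s.decode() for s in VM_ARTIFACT_STRINGS if s in data]


def triage(data: bytes):
    """Summarise the features a feature-based detector would want to see."""
    return {
        "is_pe": pe_overlay_offset(data) is not None,
        "overlay_archive": archive_in_overlay(data),
        "vm_artifact_strings": vm_check_strings(data),
    }


def build_sample(overlay: bytes = b"", section_payload: bytes = b"") -> bytes:
    """Construct a minimal, non-runnable PE image (not real malware) with one
    0x200-byte section at file offset 0x200; `overlay` is appended after it.
    SizeOfOptionalHeader is 0 here; real files carry a 224/240-byte optional
    header, which pe_overlay_offset() skips using that field."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    section = (b".text\0\0\0"
               + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200)    # VSize, VA, RawSize, RawPtr
               + b"\0" * 16)
    headers = dos + coff + section
    headers += b"\0" * (0x200 - len(headers))
    body = section_payload + b"\0" * (0x200 - len(section_payload))
    return headers + body + overlay


# Constructed samples: an SFX-style stub with a RAR archive in its overlay and
# VM-check strings in its code section, and a plain PE with no overlay.
SFX_SAMPLE = build_sample(overlay=b"Rar!\x1a\x07\x00" + b"\x90" * 64,
                          section_payload=b"VMware\0SbieDll.dll\0")
PLAIN_SAMPLE = build_sample()

if __name__ == "__main__":
    print(triage(SFX_SAMPLE))
    print(triage(PLAIN_SAMPLE))
```

An archive in the overlay is a triage feature, not a verdict: legitimate installers are frequently built as self-extracting archives, so the useful signal is the combination of an SFX stub, anti-analysis strings, and a delivery path such as a link in unsolicited email, rather than any one of them alone.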