A new form of modular downloader packs the ability to download other modules and payloads.
Researchers have detected a new modular downloader in large campaigns primarily hitting financial institutions, where it may be planting the seeds for future compromise.
Proofpoint experts first observed multiple large email campaigns, each consisting of millions of messages, earlier this month. They noticed all led to the same “Marap” malware and shared common features with earlier campaigns linked to the threat actor TA505. The emails contained Microsoft Excel Web Query files, password-protected ZIP files containing the Query files, PDFs with embedded Query files, and Word documents containing macros.
This malware, the researchers’ report continues, is part of a growing trend of small, versatile malware which gives attackers more flexibility to launch attacks and detect systems that could lead to more damaging compromise.
Read more: Dark Reading