Friday, November 1, 2024
HomeComputer SecurityCybercriminals Advertising Godzilla Loader Malware On Dark Web Forums

Cybercriminals Advertising Godzilla Loader Malware On Dark Web Forums

Published on

Malware protection

Cybercriminals Advertising Godzilla Loader Malware for $500 on Dark web forums, the malware found actively maintained and getting new updates periodically.

Godzilla modern downloader or dropper which first runs the binary on victim’s machine and then it downloads the payload form a remote server.

According to Checkpoint investigation, the Godzilla Loader malware rate of infection is very less when compared to its competitor, Emotet.

- Advertisement - SIEM as a Service

The Godzilla loader advertised as it comes with built-in UAC bypass, the User Account Control(UAC) is a Microsoft security tool that helps in preventing the intrusion of malicious software.

Godzilla Loader Malware

With the new version of “Godzilla, the author boasts that they have converted even more of the control flow to rely entirely on COM interfaces; persistence is achieved via the IPresistFile interface and shell executions of programs on the local disk are triggered via the IShellDispatch interface,” reads Checkpoint blog post.

It also performs other functions such as deletion of file backup, the only possible reason for it to be the anti-Ransomware measure which operates by recovering the original files from the shadow file backups.

The threat actors offered a bouble-layered fail-safe for C&C communication and employs RSA-2048 to verify the identity of the C&C server.

Last version of the malware appears to be under development from last December, the latest version contains propagation module, keylogger module and password stealing module.

Based on it’s existence and adoption rate, researchers said it could be a good example for the principle of the Long Tail.

Related Read:

Dark Web Market Silk Road Admin Pleads Guilty, Prison Up to 20 Years

Hackers Selling Facebook Account Logins Details On Dark Web For $3

Dark Web Malware Builder Allow Attackers To Create Malware That Steals Passwords & Credit Card Data

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...