Saturday, July 13, 2024

Cybercriminals Advertising Godzilla Loader Malware On Dark Web Forums

Cybercriminals Advertising Godzilla Loader Malware for $500 on Dark web forums, the malware found actively maintained and getting new updates periodically.

Godzilla modern downloader or dropper which first runs the binary on victim’s machine and then it downloads the payload form a remote server.

According to Checkpoint investigation, the Godzilla Loader malware rate of infection is very less when compared to its competitor, Emotet.

The Godzilla loader advertised as it comes with built-in UAC bypass, the User Account Control(UAC) is a Microsoft security tool that helps in preventing the intrusion of malicious software.

Godzilla Loader Malware

With the new version of “Godzilla, the author boasts that they have converted even more of the control flow to rely entirely on COM interfaces; persistence is achieved via the IPresistFile interface and shell executions of programs on the local disk are triggered via the IShellDispatch interface,” reads Checkpoint blog post.

It also performs other functions such as deletion of file backup, the only possible reason for it to be the anti-Ransomware measure which operates by recovering the original files from the shadow file backups.

The threat actors offered a bouble-layered fail-safe for C&C communication and employs RSA-2048 to verify the identity of the C&C server.

Last version of the malware appears to be under development from last December, the latest version contains propagation module, keylogger module and password stealing module.

Based on it’s existence and adoption rate, researchers said it could be a good example for the principle of the Long Tail.

Related Read:

Dark Web Market Silk Road Admin Pleads Guilty, Prison Up to 20 Years

Hackers Selling Facebook Account Logins Details On Dark Web For $3

Dark Web Malware Builder Allow Attackers To Create Malware That Steals Passwords & Credit Card Data


Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles