Hackers revive years-old malware to exploit mass remote working

Strains that rely on social engineering are once again growing in popularity

Hackers are said to be turning to years-old malware strains to provide support for fresh attacks amid the coronavirus pandemic, a new report has claimed.

The tactic is to blame for a sudden surge in the number of remote access trojans, keyloggers, botnets, and spyware tools detected since the start of the year, many of which are regarded as highly dangerous.

Each of these older strains rely on social engineering and phishing campaigns to spread, something that is being mobilised to exploit a shift to mass remote working.

The number of detections of NetWiredRC, a backdoor malware that first surfaced in 2014, rose 200% between December and March, according to Malwarebytes' CTNT report. This particular strain has been associated with a number of state-sponsored attacks, including APT33 attacks on organisations in the US, Saudi Arabia, and South Korea.

Researchers also witnessed a 109% increase in the use of the AveMaria remote access trojan between February and March alone, spread using phishing emails that claim to contain information about the effective use of face masks.

In the case of the LokiBot malware, a well-known keylogger and botnet first discovered in 2015, hackers are relying on the unusual tactic of hiding source code inside image files, rather than pdf and document attachments that remote workers have been told to guard against.

Other examples include AZORult, a four-year-old malware that acts as a downloader for other malware, which is said to be behind the spike in the number of coronavirus-themed emails. This includes an email that claims to be a receipt for a bulk order of ventilators, the attachment in which directs users to a fake Johns Hopkins University coronavirus map application.

It's through fake applications like this that other malware, including the DanaBot strain – which saw a 166% increase between February and March – are spread.

Researchers also recorded a 26% rise in the number of card skimming attacks between February and March, largely driven by a sudden drastic shift towards online shopping.

"Themed phishing campaigns usually don't last too long," explained Malwarebytes in the report. "In fact, once enough information about their existence has been distributed, the attacks will become less effective and we'll see a return to regular attacks, like those pretending to be from a bank or shipping company.

However, the report added that given organisations are likely to ask many of their employees to continue to work remotely, the trend of hackers targeting systems through vulnerable endpoints will also remain.

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
Best free malware removal tools 2020
Security

Best free malware removal tools 2020

21 Sep 2020
'NetWalker' ransomware explodes thanks to 'as a service' expansion
ransomware

'NetWalker' ransomware explodes thanks to 'as a service' expansion

4 Sep 2020
Malware attacks using machine identities doubled in 2019
cyber security

Malware attacks using machine identities doubled in 2019

4 Aug 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Nokia will replace Huawei as BT's largest 5G equipment provider
5G

Nokia will replace Huawei as BT's largest 5G equipment provider

29 Sep 2020