Hackers revive years-old malware to exploit mass remote working

Strains that rely on social engineering are once again growing in popularity

Hackers are said to be turning to years-old malware strains to provide support for fresh attacks amid the coronavirus pandemic, a new report has claimed.

The tactic is to blame for a sudden surge in the number of remote access trojans, keyloggers, botnets, and spyware tools detected since the start of the year, many of which are regarded as highly dangerous.

Each of these older strains rely on social engineering and phishing campaigns to spread, something that is being mobilised to exploit a shift to mass remote working.

The number of detections of NetWiredRC, a backdoor malware that first surfaced in 2014, rose 200% between December and March, according to Malwarebytes' CTNT report. This particular strain has been associated with a number of state-sponsored attacks, including APT33 attacks on organisations in the US, Saudi Arabia, and South Korea.

Researchers also witnessed a 109% increase in the use of the AveMaria remote access trojan between February and March alone, spread using phishing emails that claim to contain information about the effective use of face masks.

In the case of the LokiBot malware, a well-known keylogger and botnet first discovered in 2015, hackers are relying on the unusual tactic of hiding source code inside image files, rather than pdf and document attachments that remote workers have been told to guard against.

Other examples include AZORult, a four-year-old malware that acts as a downloader for other malware, which is said to be behind the spike in the number of coronavirus-themed emails. This includes an email that claims to be a receipt for a bulk order of ventilators, the attachment in which directs users to a fake Johns Hopkins University coronavirus map application.

It's through fake applications like this that other malware, including the DanaBot strain – which saw a 166% increase between February and March – are spread.

Researchers also recorded a 26% rise in the number of card skimming attacks between February and March, largely driven by a sudden drastic shift towards online shopping.

"Themed phishing campaigns usually don't last too long," explained Malwarebytes in the report. "In fact, once enough information about their existence has been distributed, the attacks will become less effective and we'll see a return to regular attacks, like those pretending to be from a bank or shipping company.

However, the report added that given organisations are likely to ask many of their employees to continue to work remotely, the trend of hackers targeting systems through vulnerable endpoints will also remain.

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021
HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021
Square to acquire Afterpay for $29 billion
mergers and acquisitions

Square to acquire Afterpay for $29 billion

2 Aug 2021