Hackers revive years-old malware to exploit mass remote working

Strains that rely on social engineering are once again growing in popularity

Hackers are said to be turning to years-old malware strains to provide support for fresh attacks amid the coronavirus pandemic, a new report has claimed.

The tactic is to blame for a sudden surge in the number of remote access trojans, keyloggers, botnets, and spyware tools detected since the start of the year, many of which are regarded as highly dangerous.

Advertisement - Article continues below

Each of these older strains rely on social engineering and phishing campaigns to spread, something that is being mobilised to exploit a shift to mass remote working.

The number of detections of NetWiredRC, a backdoor malware that first surfaced in 2014, rose 200% between December and March, according to Malwarebytes' CTNT report. This particular strain has been associated with a number of state-sponsored attacks, including APT33 attacks on organisations in the US, Saudi Arabia, and South Korea.

Researchers also witnessed a 109% increase in the use of the AveMaria remote access trojan between February and March alone, spread using phishing emails that claim to contain information about the effective use of face masks.

In the case of the LokiBot malware, a well-known keylogger and botnet first discovered in 2015, hackers are relying on the unusual tactic of hiding source code inside image files, rather than pdf and document attachments that remote workers have been told to guard against.

Advertisement - Article continues below
Advertisement - Article continues below

Other examples include AZORult, a four-year-old malware that acts as a downloader for other malware, which is said to be behind the spike in the number of coronavirus-themed emails. This includes an email that claims to be a receipt for a bulk order of ventilators, the attachment in which directs users to a fake Johns Hopkins University coronavirus map application.

It's through fake applications like this that other malware, including the DanaBot strain – which saw a 166% increase between February and March – are spread.

Researchers also recorded a 26% rise in the number of card skimming attacks between February and March, largely driven by a sudden drastic shift towards online shopping.

"Themed phishing campaigns usually don't last too long," explained Malwarebytes in the report. "In fact, once enough information about their existence has been distributed, the attacks will become less effective and we'll see a return to regular attacks, like those pretending to be from a bank or shipping company.

However, the report added that given organisations are likely to ask many of their employees to continue to work remotely, the trend of hackers targeting systems through vulnerable endpoints will also remain.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now


Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020

Best antivirus for Windows 10

30 Jun 2020

Searching for a new job? That LinkedIn job offer may be fake

19 Jun 2020

Evasive malware threats doubled in 2019

24 Mar 2020

Most Popular

Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020

How to find RAM speed, size and type

24 Jun 2020

Is it time to put Intel Outside?

10 Jul 2020