March 26th 2018, By Tom Spring
The group behind Sanny malware attacks has made significant changes to the way it delivers their payload. According to new research by FireEye, the attackers have upgraded their delivery techniques when it comes to planting malware on systems via document attachments sent as part of spam and phishing campaigns.
“The attack is now carried out in multiple stages, with each stage being downloaded from the attacker’s server. Command line evasion techniques, the capability to infect systems running Windows 10, and use of recent User Account Control bypass techniques have also been added,” according to a FireEye report, which said the changes were first observed earlier this month.
Powered by WPeMatico