- Cisco Talos finds a new malware framework called PS1Bot
- The framework is distributed through malvertising and SEO poisoning
- PS1Bot can act as an infostealer, keylogger, screen grabber and more
Security researchers at Cisco Talos have discovered a brand new malware framework that, as they put it, really goes the extra mile to infect a device.
PS1Bot can log keystrokes, grab cryptocurrency data and persist on the compromised endpoint, among other things, the company's report says.
PS1Bot is delivered through a malvertising campaign as well as SEO poisoning that fools unsuspecting victims into downloading the malware. Cisco Talos did not say what theme these malicious ads and pages use, who the usual victims are, or how successful the campaign has been.
Flexible and dangerous
They said that whoever downloads the ZIP file can expect a JavaScript payload that acts as a dropper and pulls a script from an external server.
This script writes a PowerShell script to a file on disk and runs it. The PowerShell script in turn contacts the threat actor's command-and-control (C2) server and fetches additional commands that transform the malware into whatever is currently needed.
There are many things the framework can be transformed into. It can serve as a reconnaissance tool that shares with the attackers details of the antivirus programs running on the computer, as well as basic system information.
It can serve as a screen-recording or keylogging tool, forwarding screenshots and keystrokes to the C2. It can also act as a wallet grabber and steal cryptocurrency wallet information. Finally, it can persist on the device via a PowerShell script that is automatically launched on reboot.
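The infection chain above (ZIP, JavaScript dropper, PowerShell script) leaves a distinctive parent-child trace in process-creation telemetry. The following detection logic is an added example written for this article, not code from Cisco Talos or from the PS1Bot report; the Sysmon-style field names and the sample events are constructed, and the user-writable directory list is an assumption about where an extracted ZIP payload typically lands.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """One process-creation record (constructed, Sysmon-style fields)."""
    parent_image: str
    image: str
    command_line: str


SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}      # Windows Script Host binaries
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Assumed user-writable locations where an extracted ZIP payload usually lands.
USER_DIRS = re.compile(r"\\(?:Temp|Downloads)\\", re.IGNORECASE)
JS_FILE = re.compile(r"\.js\b", re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def detect_js_to_powershell(events):
    """Return (event, reason) pairs matching the JS-dropper-to-PowerShell chain."""
    alerts = []
    for ev in events:
        parent, child = basename(ev.parent_image), basename(ev.image)
        if parent in SCRIPT_HOSTS and child in POWERSHELL:
            # A script host handing off to PowerShell is the dropper's second stage.
            alerts.append((ev, "powershell spawned by script host"))
        elif child in SCRIPT_HOSTS and JS_FILE.search(ev.command_line) \
                and USER_DIRS.search(ev.command_line):
            # A .js run from Temp/Downloads matches the first stage from the ZIP.
            alerts.append((ev, "script host running .js from user-writable dir"))
    return alerts


# Constructed sample telemetry: two chain events, three benign ones.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\wscript.exe",
              r'wscript.exe "C:\Users\alice\Downloads\invoice\update.js"'),
    ProcEvent(r"C:\Windows\System32\wscript.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -ep bypass -f C:\Users\alice\AppData\Local\Temp\s.ps1"),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Program Files\Google\Chrome\chrome.exe",
              "chrome.exe"),
    ProcEvent(r"C:\Windows\System32\cmd.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe Get-Service"),
    ProcEvent(r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\cscript.exe",
              r"cscript.exe C:\Windows\System32\slmgr.vbs /dlv"),
]
```

Run over real Sysmon Event ID 1 data, the same two checks separate the dropper hand-off from routine administrative PowerShell use, which has neither a script-host parent nor a .js in a download directory.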
“The implementation of the information stealer module utilizes wordlists embedded in the stealer to enumerate files containing passwords and seed phrases that can be used to access cryptocurrency wallets, which the stealer also tries to exfiltrate from infected systems,” Cisco Talos said.
“The modular nature of the implementation of this malware provides flexibility and enables rapid implementation of updates or new functionality as needed.”