2023-09
By

IBM X-Force has identified new capabilities in DBatLoader malware samples distributed through email campaigns. This development signals a heightened risk of infection from the malware families associated with DBatLoader activity. Since late June, X-Force has observed nearly two dozen email campaigns that use the updated DBatLoader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. These campaigns distribute the remote access Trojans (RATs) and infostealers most commonly associated with DBatLoader malware.

DBatLoader, also known as ModiLoader, is a malware loader that has been observed since 2020. It is used to download and execute the final payloads of malware campaigns, including RATs and infostealers such as Remcos, Warzone, Formbook, and AgentTesla. Cybercriminals typically deliver DBatLoader through spam emails, and they frequently abuse cloud services to stage and retrieve additional payloads. Earlier this year, DBatLoader campaigns focused on distributing Remcos to entities in Eastern Europe, and Formbook and Remcos to businesses across Europe.

Remcos, a commercial remote access and surveillance tool, is frequently abused for malicious purposes; it gives an operator unauthorized access to Windows systems. Warzone, also known as AveMaria, is a remote access trojan that has been available for purchase on the website warzone[.]ws since 2018. Formbook and AgentTesla are popular infostealers sold on underground marketplaces.

In the recent campaigns observed by X-Force, the threat actors have improved on their earlier attacks. They have gained control of email infrastructure, which allows their malicious emails to pass SPF, DKIM, and DMARC email authentication checks. Most of these campaigns use OneDrive to stage and retrieve additional payloads; some use transfer[.]sh or newly registered or compromised domains instead. While most of the email content targets English speakers, X-Force has also observed emails written in Spanish and Turkish.
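The practical consequence of the authentication point above is that a "pass" verdict from SPF, DKIM and DMARC cannot be treated as a trust signal when the sender's infrastructure is attacker-controlled. The following Python script is an added example, not code from the X-Force report: it parses a constructed raw email (the sender domain, authentication results and links are invented for illustration), reads the Authentication-Results header, and flags links to the file-hosting services named in the text (OneDrive, including its 1drv.ms short-link domain, and transfer.sh) regardless of whether authentication passed. The host list and the helper names are assumptions made here for the example.

```python
"""Triage heuristic for the DBatLoader email pattern described above.

Added example, not code from the IBM X-Force article. Authentication
results are read only for reporting; the suspicious verdict is driven by
links to the payload-staging services the article names, because a
message sent from attacker-controlled infrastructure passes SPF/DKIM/DMARC.
"""
import re
from email import message_from_string
from email.message import Message

# Hosts named in the article as payload-staging locations. 1drv.ms (OneDrive
# short links) and sharepoint.com (OneDrive for Business) are assumptions.
STAGING_HOST_PATTERNS = (
    re.compile(r"(^|\.)onedrive\.live\.com$", re.I),
    re.compile(r"(^|\.)1drv\.ms$", re.I),
    re.compile(r"(^|\.)sharepoint\.com$", re.I),
    re.compile(r"(^|\.)transfer\.sh$", re.I),
)

# Group 1 is the host portion (up to the first "/" or whitespace).
URL_RE = re.compile(r"https?://([^\s/<>\"']+)[^\s<>\"']*", re.I)
AUTH_RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)


def parse_auth_results(msg: Message) -> dict:
    """Return e.g. {'spf': 'pass', 'dkim': 'pass', 'dmarc': 'pass'}."""
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for method, verdict in AUTH_RESULT_RE.findall(hdr):
            results[method.lower()] = verdict.lower()
    return results


def extract_body_text(msg: Message) -> str:
    """Concatenate decoded text/plain and text/html parts."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True)
            if payload:
                charset = part.get_content_charset() or "utf-8"
                chunks.append(payload.decode(charset, "replace"))
    return "\n".join(chunks)


def staging_urls(text: str) -> list:
    """Return every URL whose host matches a known staging service."""
    found = []
    for m in URL_RE.finditer(text):
        host = m.group(1).split("@")[-1].split(":")[0]
        if any(p.search(host) for p in STAGING_HOST_PATTERNS):
            found.append(m.group(0))
    return found


def triage(raw_email: str) -> dict:
    msg = message_from_string(raw_email)
    auth = parse_auth_results(msg)
    urls = staging_urls(extract_body_text(msg))
    all_pass = all(auth.get(m) == "pass" for m in ("spf", "dkim", "dmarc"))
    return {
        "auth": auth,
        "staging_urls": urls,
        # Authentication passing does not clear the message: flag on links alone.
        "suspicious": bool(urls),
        "authenticated_but_suspicious": all_pass and bool(urls),
    }


# Constructed sample: sender domain, verdicts and links are invented.
SAMPLE_EMAIL = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=invoice@example.org;
 dkim=pass header.d=example.org; dmarc=pass header.from=example.org
From: Accounts <invoice@example.org>
To: victim@example.net
Subject: Overdue invoice
Content-Type: text/plain; charset="utf-8"

Please review the attached statement:
https://1drv.ms/u/s!AbCdEfGhIjKlMnOp
Archived copy: https://transfer.sh/aBcDeF/statement.zip
Our site: https://www.example.org/contact
"""

if __name__ == "__main__":
    print(triage(SAMPLE_EMAIL))
```

Run against the constructed sample, the message authenticates cleanly on all three methods yet is still flagged because of the two staging links; the ordinary corporate link is ignored. In a real pipeline the host list would be driven by current intelligence rather than hard-coded.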

DBatLoader remains under active development, and its capabilities continue to evolve to keep it effective as a malware delivery mechanism.

