Valak Malware Target Enterprise Data
The Valak malware target Enterprise Data with multi-stage variant.
Valak Malware Targets Enterprise Data. Cyber-criminals are often take advantage of the potential malware to target Enterprises. This maximize the attack campaign so as their nefarious activities. Often times, the attackers drop the malware on the target computer system in multiple stages. In such a case, they used the Valak malware, which earlier acted as a malware-loader.
Since its origin in late 2019, the malware has become a lot more sophisticated and can cause much more damage than anticipated. So, now it acts more like a multi-stage modular malware.
What did researchers have found?
Researchers at Cybereason noted in their findings that since its origin May 2020. According to that, the Valak malware had received more than 30 updates in just six months. Interestingly, it is still sharing infrastructures such as downloaded files, URIs similarities, or connected files with all the different versions.
- Researchers suggested that the malware has become a multi-stage modular malware. Previously experts thought that it is just a loader for other malware. In its current form, hackers can use it independently to steal information from the targeted individuals or enterprises.
- The new version is capable of scouring the infected machines for existing antivirus applications. The malware has a designed capability of collecting plugins from its C&C server to improve its capabilities.
- As hackers have now stopped using open-source PowerShell downloader and rather shifts to PluginHost to improve their evasive capabilities. Using PluginHost for managing and downloading additional payloads increases the capacity to control the operational capabilities of the malware. It can download Jscript files and execute them easily.
- The most recent version of Valak is targeting administrators on enterprise networks and Microsoft servers. It is stealing enterprise mailing information and credentials of the administrators along with the enterprise certificate.
Key Observations Based On Past Incidents
- Researchers said that the phishing campaign manages to lure users in other malware incidents in a way similar to a Russian-speaking hacking group.
- Since the malware appeared in 2019, it has targeted around 150 organizations of different sectors, including retail, manufacturing, finance and health care.
- They are mainly targeting entities from Germany and the US. The malware is often paired up with IcedID and Ursnif or Gozi banking Trojan payloads.
- The researchers have found that the cyber-criminals execute the phishing attack using Microsoft Word documents embedded with malicious macro code.
Future updates may make it stronger
Although, the current version of the Valak malware resulted due to fast pace development and maintenance effort. However, the researchers believe that if the hackers update its modular design with advanced features, it can evade detection and attack with more stealthy techniques. Thus, the Valak Malware Target Enterprise Data
What should you do to avoid infected with Valak malware ?
- The enterprises and individuals should ensure that best security practices.
- They should keep aware of the phishing email and stay in sync with email attachment analysis, email filtering and mandatory cybersecurity awareness education for the employees.
- Users should prefer reputed anti-spyware or antivirus applications to scan computers.
- Avoid opening email attachments or the links in emails from unknown, suspicious and irrelevant email addresses.
- Enterprises need to practice all security measures to safeguard their data. Malware programs like Valak can steal sensitive personal information and enterprise secrets from computers and can cause severe financial losses in the long run.
- Researchers have advised the users to stay cautious as future updates of the malware may get more vicious.
Protect your computer with HitmanPro Now