
New Marap malware downloader involved in massive campaign targeting financial institutions
August 17, 2018
- The downloader is modular - it can download additional payloads and modules.
- Marap has been used in campaigns similar to the ones conducted by the TA505 APT group.
A new malware downloader dubbed Marap has been discovered. Cybercriminals have used Marap in massive campaigns generating millions of malicious messages and targeting financial institutions across the globe.
Marap is modular in nature, which allows it to download additional payloads and modules. This in turn can allow Marap’s operators to upgrade the downloader with new advanced capabilities and repackage it for future sophisticated attacks.
According to security researchers at Proofpoint, who discovered Marap, the malware downloader is also capable of downloading a system fingerprinting module that conducts simple reconnaissance.
Marap campaign
Proofpoint researchers found that the campaigns making use of Marap share similarities with previous campaigns conducted by the TA505 APT threat actor. These campaigns include Word documents that contain macros, among others, and abuse the brand of a major US bank.
Marap has been named after its C2, which is Marap spelled backward: “Param”. The malware downloader is written in C and also comes packed with several anti-analysis features.
Marap’s system fingerprinting module
Marap’s system fingerprinting module is a DLL written in C++ and is capable of collecting information such as username, domain name, IP address, country, language, Windows version and more. This information is sent to Marap’s C2.
“As defenses become more adept at catching commodity malware, threat actors and malware authors continue to explore new approaches to increase effectiveness and decrease the footprint and inherent ‘noisiness’ of the malware they distribute,” Proofpoint researchers wrote in their blog.
“This new downloader, along with another similar but unrelated malware that we will detail next week, point to a growing trend of small, versatile malware that give actors flexibility to launch future attacks and identify systems of interest that may lend themselves to more significant compromise,” Proofpoint researchers added.
