RIG EK Still Makes Waves, This Time with a Stealthy Backdoor
It’s been involved in ongoing activity delivering a wide range of crimeware payloads, and the latest campaign saw RIG dropping the Grobios malware, which is built to be a stealthy backdoor. RIG loads a malicious Flash file that drops the Grobios trojan.

The trojan’s main hallmark is an impressive arsenal of evasion and anti-sandbox techniques, according to FireEye researchers. “Once a strong foothold is established, an attacker can drop a payload of his/her choice, which can be anything from an infostealer to ransomware, etc.”

FireEye researchers said in an analysis on Monday that Grobios’ efforts to evade detection are a grab-bag of tactics: the authors have packed the sample with PECompact 2.xx, for one. For persistence, Grobios gets very aggressive: it drops a copy of itself into an application folder, masquerading as a version of legitimate software installed on the victim machine.