Beware of BIOPASS malware hidden in Chinese online gambling sites
BIOPASS RAT takes advantage of the Open Broadcaster Software (OBS) Studio streaming application to capture victim screens.
The attack involved luring visitors of a gambling website into downloading a malware loader disguised as a legitimate installer for popular but deprecated apps, such as Adobe Flash Player or Microsoft Silverlight. The loader then acts as a conduit to fetch the next-stage payloads.
Specifically, the online support chat pages of the gambling sites were injected with malicious JavaScript code, which is used to serve the malware to visitors.
"BIOPASS RAT has basic features found in other malware, such as file system evaluation, remote desktop access, file filtering, and shell command execution," the Trend Micro researchers said. "It has the potential to compromise victims' personal information by stealing web browser and messaging app data."
OBS Studio is an open source video recording and live streaming software that allows users to live stream to Twitch, YouTube and other platforms.
Besides being equipped with the wide range of capabilities typical of spyware, BIOPASS can also stream the victim's screen to an attacker-controlled cloud service via the Real-Time Messaging Protocol (RTMP), in addition to communicating with a command-and-control (C2) server using the Socket.IO protocol.
This malware is spreading aggressively. It mainly steals personal data from the most popular web browsers and messaging apps in China, including QQ Browser, 2345 Explorer, Sogou Explorer, 360 Safe Browser, WeChat, QQ and Aliwangwang.
It's unclear exactly who is behind this attack, but Trend Micro researchers say they found an overlap between BIOPASS and TTPs related to the Winnti Group (aka APT41), a sophisticated Chinese hacking group.
"BIOPASS RAT is a type of sophisticated malware that is deployed as Python scripts. Because the malware loader is distributed as an executable that is disguised as a legitimate update installer on a compromised website, [...] you should only download apps from trusted sources and official websites to avoid being compromised," the researchers warned.
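The article gives defenders two behaviours to look for: a fake Flash Player or Silverlight installer that ends up launching a Python interpreter (the RAT is deployed as Python scripts), and RTMP screen streaming coming from a process that is not OBS Studio. The following is an added example, not code from the article or from Trend Micro, that hunts for both patterns over a small set of constructed, Sysmon-style events. The event format (`kind|image|parent|dst_host|dst_port`), the installer filenames and the 203.0.113.x hosts are all made up for the example; the article publishes no filenames, hashes or C2 addresses, so the regexes match on the lure themes it describes rather than on real indicators.

```python
"""Hunt for the BIOPASS-style behaviours described in the article.

Added example, not from the article or Trend Micro. The event format,
filenames and hosts below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import List

# Lure installers: the article says the loader poses as a Flash Player or
# Silverlight installer. These name patterns are assumptions, not real IoCs.
LURE_NAME_RE = re.compile(r"(flash|silverlight).*(setup|install|update)", re.I)
# The RAT itself runs as Python scripts, so a Python interpreter spawned by a
# "browser plugin installer" is the suspicious parent/child pair.
PYTHON_RE = re.compile(r"^python\w*\.exe$", re.I)   # python.exe, pythonw.exe, python3.exe
# OBS Studio is the legitimate RTMP streamer; anything else using RTMP is odd.
OBS_RE = re.compile(r"^obs(32|64)?\.exe$", re.I)
RTMP_PORT = 1935


@dataclass
class Event:
    kind: str       # "process" (creation) or "network" (outbound connection)
    image: str      # full path of the acting executable
    parent: str     # parent image for process events, empty otherwise
    dst_host: str   # destination host for network events
    dst_port: int   # destination port for network events, 0 otherwise


def basename(path: str) -> str:
    """Last path component, accepting both Windows and POSIX separators."""
    return re.split(r"[\\/]", path)[-1]


def parse_event(line: str) -> Event:
    """Parse one constructed 'kind|image|parent|dst_host|dst_port' line."""
    kind, image, parent, host, port = line.rstrip("\n").split("|")
    return Event(kind, image, parent, host, int(port) if port else 0)


def lure_spawned_interpreter(ev: Event) -> bool:
    """Fake Flash/Silverlight installer launching a Python interpreter."""
    return (ev.kind == "process"
            and PYTHON_RE.match(basename(ev.image)) is not None
            and LURE_NAME_RE.search(basename(ev.parent)) is not None)


def rtmp_from_non_obs(ev: Event) -> bool:
    """Outbound RTMP from a process other than OBS Studio."""
    return (ev.kind == "network"
            and ev.dst_port == RTMP_PORT
            and OBS_RE.match(basename(ev.image)) is None)


def hunt(lines: List[str]) -> List[str]:
    """Return one alert string per event matching either behaviour."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if lure_spawned_interpreter(ev):
            alerts.append(f"fake-installer->python: {basename(ev.parent)} "
                          f"spawned {basename(ev.image)}")
        if rtmp_from_non_obs(ev):
            alerts.append(f"rtmp-from-non-obs: {basename(ev.image)} -> "
                          f"{ev.dst_host}:{ev.dst_port}")
    return alerts


# Constructed sample telemetry: one infection chain plus benign noise.
SAMPLE_EVENTS = [
    r"process|C:\Users\u\Downloads\flash_player_setup.exe|C:\Program Files\Chrome\chrome.exe||0",
    r"process|C:\ProgramData\python\pythonw.exe|C:\Users\u\Downloads\flash_player_setup.exe||0",
    r"network|C:\Program Files\Chrome\chrome.exe||203.0.113.30|443",
    r"network|C:\ProgramData\python\pythonw.exe||203.0.113.10|1935",
    r"network|C:\Program Files\obs-studio\bin\64bit\obs64.exe||203.0.113.20|1935",
]

if __name__ == "__main__":
    for alert in hunt(SAMPLE_EVENTS):
        print(alert)
```

The OBS exclusion is deliberate: a streamer's own OBS traffic on port 1935 is the expected baseline, so the rule only fires when some other image speaks RTMP. On real telemetry you would pivot from an alert to the parent's hash and the destination host, neither of which this example can supply from the article alone.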