Marap Malware Appears, Targeting Financial Sector

A new form of modular downloader packs the ability to download other modules and payloads.

Dark Reading Staff, Dark Reading

August 18, 2018

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Researchers have detected a new modular downloader in large campaigns primarily hitting financial institutions, where it may be planting the seeds for future compromise.

Proofpoint experts first observed multiple large email campaigns, each consisting of millions of messages, earlier this month. They noticed all led to the same "Marap" malware and shared common features with earlier campaigns linked to the threat actor TA505. The emails contained Microsoft Excel Web Query files, password-protected ZIP files containing the Query files, PDFs with embedded Query files, and Word documents containing macros.

Researchers say the modular nature of Marap lets actors add new capabilities or download additional modules after a system is already infected. They have so far seen it download a system fingerprinting module that performs reconnaissance, they write in a blog post.

This malware, the researchers' report continues, is part of a growing trend of small, versatile malware which gives attackers more flexibility to launch attacks and detect systems that could lead to more damaging compromise.

Read more details here.

360-INsecurity-Sig-Blocks_Vplug2.png

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Early bird rate ends August 31. Click for more info

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights