Trend Micro researchers have discovered a new AvosLocker ransomware variant that can disable antivirus software and evade detection, The Hacker News reports.
"This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys). In addition, the ransomware is also capable of scanning multiple endpoints for the Log4j vulnerability (Log4shell) using Nmap NSE script," wrote Trend Micro researchers Alvin Nieto and Christopher Ordonez.
Most AvosLocker attacks between July 2021 and February 2022 targeted the food and beverage industry, followed by organizations in the technology, finance, telecom, and media sectors. The report noted that an exploit for a remote code execution flaw in Zoho ManageEngine ADSelfService Plus was used to initiate the attack.
"The HTA executed an obfuscated PowerShell script that contains a shellcode, capable of connecting back to the [command-and-control] server to execute arbitrary commands," researchers said.