Hackers revive years-old malware to exploit mass remote working

Strains that rely on social engineering are once again growing in popularity

Hackers are said to be turning to years-old malware strains to provide support for fresh attacks amid the coronavirus pandemic, a new report has claimed.

The tactic is to blame for a sudden surge in the number of remote access trojans, keyloggers, botnets, and spyware tools detected since the start of the year, many of which are regarded as highly dangerous.

Each of these older strains rely on social engineering and phishing campaigns to spread, something that is being mobilised to exploit a shift to mass remote working.

The number of detections of NetWiredRC, a backdoor malware that first surfaced in 2014, rose 200% between December and March, according to Malwarebytes' CTNT report. This particular strain has been associated with a number of state-sponsored attacks, including APT33 attacks on organisations in the US, Saudi Arabia, and South Korea.

Researchers also witnessed a 109% increase in the use of the AveMaria remote access trojan between February and March alone, spread using phishing emails that claim to contain information about the effective use of face masks.

In the case of the LokiBot malware, a well-known keylogger and botnet first discovered in 2015, hackers are relying on the unusual tactic of hiding source code inside image files, rather than pdf and document attachments that remote workers have been told to guard against.

Other examples include AZORult, a four-year-old malware that acts as a downloader for other malware, which is said to be behind the spike in the number of coronavirus-themed emails. This includes an email that claims to be a receipt for a bulk order of ventilators, the attachment in which directs users to a fake Johns Hopkins University coronavirus map application.

It's through fake applications like this that other malware, including the DanaBot strain – which saw a 166% increase between February and March – are spread.

Researchers also recorded a 26% rise in the number of card skimming attacks between February and March, largely driven by a sudden drastic shift towards online shopping.

"Themed phishing campaigns usually don't last too long," explained Malwarebytes in the report. "In fact, once enough information about their existence has been distributed, the attacks will become less effective and we'll see a return to regular attacks, like those pretending to be from a bank or shipping company.

However, the report added that given organisations are likely to ask many of their employees to continue to work remotely, the trend of hackers targeting systems through vulnerable endpoints will also remain.

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

Bank-targeting malware disguises itself as video conferencing software
Security

Bank-targeting malware disguises itself as video conferencing software

19 Oct 2020
Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
Best free malware removal tools 2020
Security

Best free malware removal tools 2020

21 Sep 2020
'NetWalker' ransomware explodes thanks to 'as a service' expansion
ransomware

'NetWalker' ransomware explodes thanks to 'as a service' expansion

4 Sep 2020

Most Popular

Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020
Politicians need to stop talking about technology
Policy & legislation

Politicians need to stop talking about technology

21 Oct 2020
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020