Cybercriminals Using New ASMCrypt Malware Loader for Big Cybercrimes & Fly Under the Radar

Cybercriminals are constantly developing new and innovative ways to attack businesses and individuals. In a recent security advisory, Kaspersky warned of a new malware loader called ASMCrypt that is being used by cybercriminals to evade detection by antivirus and endpoint detection and response (EDR) solutions.

ASMCrypt is an evolved version of the DoubleFinger malware loader, which the Russian cybersecurity company had previously observed deploying the GreetingGhoul cryptocurrency stealer in early 2023. It is designed to be difficult for antivirus software and other security solutions to detect, which makes it a popular choice among cybercriminals.

What is ASMCrypt and how does it work?

ASMCrypt is a crypter and loader used to deliver malware to victims. It is written in assembly language, which makes it harder for security researchers to analyze and for security products to detect. ASMCrypt can be used to deliver a variety of malware payloads, including ransomware, Trojans, and cryptocurrency miners.

ASMCrypt works by encrypting the malware payload and embedding it inside a PNG image, which is then uploaded to an image hosting site. The loader establishes contact with a backend service over the TOR network using hard-coded credentials, and the buyer can then download the payload to the device they want to infect.

When the victim opens the seemingly benign file, the malware payload is decrypted and executed on their device.

Loaders like ASMCrypt have gained popularity due to their role as a malware delivery service that multiple threat actors can employ to gain initial access to networks, facilitating ransomware attacks, data breaches, and various other malicious cyber operations.

This includes both newcomers and well-established players like Bumblebee, CustomerLoader, and GuLoader, all of which have been employed to distribute various forms of malicious software. Notably, CustomerLoader exclusively downloads dotRunpeX artifacts as payloads, which subsequently deploy the final-stage malware.

ASMCrypt is a dangerous threat because it can be used to deliver a wide range of malware, including ransomware, data stealers, and other malicious software. It is also a reminder that cybercriminals are constantly developing new tools and techniques to evade detection.

How to protect yourself from ASMCrypt Malware Loader?

There are several things that businesses and individuals can do to protect themselves from ASMCrypt and other malware loaders:

  • Keep your software up to date: Software vendors regularly release security patches to address known vulnerabilities. Make sure to install these patches as soon as they are available.
  • Use strong passwords and enable multi-factor authentication for all critical accounts: This will help to prevent cybercriminals from gaining access to your systems and accounts.
  • Be careful about what attachments you open and what links you click on: If you receive an email from an unknown sender, do not open any attachments or click on any links.
  • Be suspicious of unsolicited phone calls and emails: Scammers often use these methods to try to trick people into revealing sensitive information or installing malware.
  • Use a reputable antivirus and antimalware solution: Make sure to keep your antivirus and antimalware solutions up to date with the latest signatures.

What businesses can do to protect their digital assets from ASMCrypt and other malware loaders?

In addition to the above tips, businesses can also take the following steps to protect their digital assets from ASMCrypt and other malware loaders:

  • Implement security controls to prevent malware loaders from being executed: This includes using antivirus software, firewalls, and intrusion detection systems.
  • Educate employees on cybersecurity best practices: This includes teaching employees how to identify and avoid phishing emails, malicious attachments, and other social engineering attacks.
  • Monitor systems for suspicious activity: This includes using SIEM tools to monitor logs and events for signs of compromise.
  • Have a plan in place to respond to malware infections: This includes having a process for isolating infected systems, restoring data from backups, and investigating the incident to identify and mitigate root causes.

By following these recommendations, businesses can help to protect their digital assets from ASMCrypt and other malware loaders. But it is important to note that even the most well-defended businesses can still be vulnerable to cyber-attacks. So, it is important to have a comprehensive cybersecurity plan in place that includes a mix of preventive and detective controls.

For data security compliance solutions, businesses can reach out to Ampcus Cyber and significantly reduce their risk of being attacked by ASMCrypt and other malware. Ampcus Cyber offers a range of cybersecurity solutions to help businesses protect their digital assets from cyberattacks, including ASMCrypt.
