Cybercriminals are constantly developing new and innovative ways to attack businesses and individuals. In a recent security advisory, Kaspersky warned of a new malware loader called ASMCrypt that is being used by cybercriminals to evade detection by antivirus and endpoint detection and response (EDR) solutions.
ASMCrypt is an evolved version of the DoubleFinger malware loader, which the Russian cybersecurity company had previously documented deploying the GreetingGhoul cryptocurrency stealer in early 2023. It is designed to be difficult for antivirus software and other security solutions to detect, which makes it a popular choice among cybercriminals.
ASMCrypt is a crypter and loader used to deliver malware to victims. It is written in assembly language, which makes it harder for security researchers to analyze and for security products to detect. ASMCrypt can be used to deliver a variety of payloads, including ransomware, Trojans, and cryptocurrency miners.
ASMCrypt works by encrypting the malware payload and embedding it inside a PNG image, which is then uploaded to an image hosting site. The loader establishes contact with a backend service over the Tor network using hard-coded credentials, and the buyer can then download the payload to the device they are targeting.
When the user opens the seemingly benign file, the malware payload is decrypted and executed on their device.
Loaders like ASMCrypt have gained popularity due to their role as a malware delivery service that multiple threat actors can employ to gain initial access to networks, facilitating ransomware attacks, data breaches, and various other malicious cyber operations.
The loader market includes both newcomers and well-established players like Bumblebee, CustomerLoader, and GuLoader, all of which have been employed to distribute various forms of malicious software. Notably, CustomerLoader exclusively downloads dotRunpeX artifacts as payloads, which subsequently deploy the final-stage malware.
ASMCrypt is a dangerous threat because it can be used to deliver a wide range of malware, including ransomware, data stealers, and other malicious software. It is also a reminder that cybercriminals are constantly developing new tools and techniques to evade detection.
There are several things that businesses and individuals can do to protect themselves from ASMCrypt and other malware loaders:
In addition to the above tips, businesses can also take the following steps to protect their digital assets from ASMCrypt and other malware loaders:
By following these recommendations, businesses can help to protect their digital assets from ASMCrypt and other malware loaders. But it is important to note that even the most well-defended businesses can still be vulnerable to cyber-attacks. So, it is important to have a comprehensive cybersecurity plan in place that includes a mix of preventive and detective controls.
For data security compliance solutions, businesses can reach out to Ampcus Cyber and significantly reduce their risk of being attacked by ASMCrypt and other malware. Ampcus Cyber offers a range of cybersecurity solutions to help businesses protect their digital assets from cyberattacks, including ASMCrypt.