Exploiting an Unpatched Vulnerability, the Ave_Maria Malware Is Not Full of Grace

CISO Summary

CofenseTM has seen a rise in phishing campaigns designed to deliver a type of stealer malware called Ave_Maria. It contains a capability, DLL hijacking, that uses a vulnerability with no forthcoming fix. With origins in a publicly available utility, DLL lets Ave_Maria gain greater admin privileges and avoid detection, then steal information so it can download additional plugins and potentially other payloads. This malware can bypass detection and privilege restrictions on many endpoints.

The Vjw0rm Malware Does It All. Here’s What to Watch For.

CISO Summary 

It’s called the Vengeance Justice Worm (Vjw0rm), but think of it as the Leatherman tool of malware. Vjw0rm wreaks havoc in highly versatile ways: information theft, denial of service (DoS) attacks, and self-propagation to name a few. CofenseTM has spotted this hybrid threat—a cross between a worm and a remote access trojan (RAT)—in a recent phishing campaign dangling a banking lure.   

In 2018, Cheap and Easy Malware Flooded Corporate Inboxes

CISO Summary

Sometimes it’s the simple things that make life hard. In 2018, over 2/3 of unique malware campaigns Cofense IntelligenceTM observed were simple, inexpensive “stealers” or remote access trojans (RATs). With exceptionally low barrier-to-entry—an email account or website can handle distribution and communication—these malware types make data theft a viable career choice for threat actors without the skills to use more advanced varieties.