
Stealthy malware shows why you shouldn’t open unknown emails

A new kind of malware was recently discovered that managed to slip past 56 separate antivirus products before finally getting caught.

The malware, when executed, can cause some serious damage to your device — and it seems to be so well made that it might be the product of nation-state actors. Opening an email attachment is all it takes to grant it enough entry to wreak havoc.


Unit 42, a threat intelligence team from Palo Alto, has just published a report on a piece of malware that managed to avoid detection from a massive 56 antivirus products. According to the team, the way the malware was built, packaged, and deployed is very similar to various techniques used by the APT29 threat group, also known under the names of Iron Ritual and Cozy Bear. This group has been attributed to Russia’s Foreign Intelligence Service (SVR), which indicates that the malware in question could be a nation-state affair.

According to Unit 42, the malware was first spotted in May 2022, and it was found hidden within a pretty strange file type — ISO, which is a disk image file used to carry the entire contents of an optical disc. The file comes with a malicious payload that Unit 42 believes was created using a tool called Brute Ratel (BRC4). BRC4 prides itself on being hard to detect, citing the fact that the tool’s authors reverse-engineered antivirus software in order to make the tool even stealthier. Brute Ratel is particularly popular with APT29, adding further weight to the claim that this malware could be linked to the Russia-based Cozy Bear group.

The ISO file pretends to be the curriculum vitae (resume) of someone named Roshan Bandara. Upon arrival in the recipient’s email mailbox, it doesn’t do anything, but when clicked, it mounts as a Windows drive and displays a file called “Roshan-Bandara_CV_Dialog”. At that point, it’s easy to get fooled — the file appears to be a typical Microsoft Word file, but if you click it, it executes cmd.exe and proceeds to install BRC4.

When that’s done, any number of things could happen to your PC — it all depends on the attacker’s intentions.

Unit 42 notes that finding this malware is worrying for a number of reasons. For one, there is a high probability that it is linked to APT29. Beyond the reasons listed above, the ISO file was created on the same day that a new version of BRC4 was made public. This suggests that state-backed actors could be timing their attacks to coincide with tooling releases, when detection is least likely. APT29 has also used malicious ISOs in the past, so everything seems to fall in line.

The near-undetectability is worrying in itself. For malware to be that stealthy takes a lot of work, and it suggests that such attacks could pose a real threat when used by the wrong team of people.

How can you stay safe?


Amid frequent reports that cyber attacks have risen sharply in recent years, one can hope that many users are now more conscious of the dangers of trusting random people and their files too readily. However, these attacks sometimes come from unexpected sources and in various forms. Enormous distributed denial-of-service (DDoS) attacks happen all the time, but those are mostly a problem for enterprises. Sometimes software we know and trust is used as a decoy to fool us into trusting a download. So how do you stay safe when danger seems to be lurking around every corner?

First of all, it’s important to realize that many of these large-scale cyberattacks are made to target organizations — it’s unlikely that individuals would be targeted. However, in this particular case, where the malware is hidden within an ISO file that poses as a resume, it could plausibly be opened by people in various HR settings, including those in smaller organizations. Bigger businesses often have more robust IT departments that wouldn’t allow an unexpected ISO file to be opened — but you never know when something might slip through the cracks.

With the above in mind, it’s never a bad idea to follow a very simple rule that many of us still forget at times — never open attachments from unknown senders. This can be difficult for an HR department that’s actively collecting resumes, but you, as an individual, can apply that rule in your daily life without missing out on anything. It’s also not a bad idea to pick up one of the best antivirus software options available. However, the greatest security gain comes from simply browsing mindfully, avoiding websites that don’t look legitimate, and being cautious about your email.
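One concrete control that follows from the ISO lure described above and from the advice that IT departments should not let unexpected ISO files through, written here as an added example that is not part of the article or of Unit 42’s report: a mail-gateway check that recognizes an ISO attachment by its ISO 9660 volume descriptor rather than by the file name, so a disk image renamed to look like a resume is still quarantined. The extension list, the lure keywords and the sample attachments are constructed assumptions.

```python
# Added example (not from the article): screen inbound attachments for disk
# images by content, not just by the name the sender chose.
import os

ISO_PVD_OFFSET = 0x8000          # ISO 9660 primary volume descriptor (sector 16)
ISO_SIGNATURE = b"\x01CD001"     # descriptor type 1 followed by the "CD001" id
IMAGE_EXTENSIONS = {".iso", ".img"}            # assumed policy list
LURE_WORDS = ("cv", "resume", "curriculum")    # assumed lure keywords


def is_iso_image(data: bytes) -> bool:
    """True if the bytes carry an ISO 9660 primary volume descriptor."""
    window = data[ISO_PVD_OFFSET:ISO_PVD_OFFSET + len(ISO_SIGNATURE)]
    return window == ISO_SIGNATURE


def screen_attachment(name: str, data: bytes) -> list[str]:
    """Return the reasons to quarantine an attachment (empty list = allow)."""
    reasons = []
    stem, ext = os.path.splitext(name)
    stem, ext = stem.lower(), ext.lower()
    if ext in IMAGE_EXTENSIONS:
        reasons.append(f"disk-image extension {ext}")
    if is_iso_image(data):
        reasons.append("ISO 9660 signature found in content")
        if ext not in IMAGE_EXTENSIONS:
            # Content and name disagree: the classic renamed-attachment trick.
            reasons.append(f"content is a disk image but name ends in {ext or 'nothing'}")
    if reasons and any(word in stem for word in LURE_WORDS):
        reasons.append("resume-themed name on a disk image (matches the reported lure)")
    return reasons


def build_fake_iso() -> bytes:
    """Constructed sample: an otherwise empty image with a valid PVD header."""
    return b"\x00" * ISO_PVD_OFFSET + ISO_SIGNATURE + b"\x00" * 64


if __name__ == "__main__":
    # Constructed attachments: a plain ISO, the same ISO renamed to look like a
    # Word file, and a genuine OOXML document (which starts with a zip header).
    samples = {
        "Roshan-Bandara_CV.iso": build_fake_iso(),
        "Roshan-Bandara_CV.docx": build_fake_iso(),
        "quarterly_report.docx": b"PK\x03\x04" + b"\x00" * 100,
    }
    for filename, blob in samples.items():
        verdict = screen_attachment(filename, blob)
        print(f"{filename}: {'QUARANTINE: ' + '; '.join(verdict) if verdict else 'allow'}")
```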

Monica J. White