Malvirt

Malware Profile Updated 24 days ago
MalVirt is malware that has been observed being distributed through malvertising attacks using virtualized .NET malware loaders. It infects systems via suspicious downloads, emails, or websites, and once inside it can disrupt operations, steal personal information, or even hold data hostage for ransom.

SentinelOne senior threat researcher Aleksandar Milenkoski found that the MalVirt loaders deliver malware from the Formbook family, an infostealer; according to a SentinelOne advisory, the campaign was still ongoing at the time of writing. Formbook and XLoader have historically been distributed through phishing emails and "malspam" carrying macro-enabled Office documents, so the MalVirt campaign suggests a shift toward distributing these families through malvertising instead.

Distribution through the MalVirt loaders is characterized by an unusual number of anti-analysis and anti-detection techniques. Some MalVirt samples check whether they are running inside a virtual machine or sandbox, often by querying registry keys associated with VirtualBox or VMware. The loaders also carry signatures and countersignatures purporting to come from companies such as Microsoft, Acer, DigiCert and Sectigo, but with invalid certificates or certificates not trusted by the system.

Through MalVirt, the operators behind Formbook and XLoader are demonstrating that they can expand beyond phishing and adopt the growing trend of malvertising. SentinelOne first encountered a MalVirt sample during a routine Google search for "Blender 3D", and the researchers were struck by the lengths the miscreants went to in order to evade detection and analysis of both the loaders and the info-stealing payload.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.

ID       | Votes | Profile Description
Formbook | 2     | Formbook is a type of malware, a malicious software designed to exploit and damage computer systems. It can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold d
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Phishing
Malvertising
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Malvirt malware was read from the documents in the corpus listed below.

Source                | Created At   | Title
CERT-EU               | a year ago   | Malvertising attacks are distributing .NET malware loaders
InfoSecurity-magazine | a year ago   | MalVirt Loaders Exploit .NET Virtualization to Deliver Malvertising Attacks
InfoSecurity-magazine | 5 months ago | New Research: Tackling .NET Malware With Harmony Library
InfoSecurity-magazine | 9 months ago | XLoader MacOS Malware Variant Returns With OfficeNote Facade
CERT-EU               | 2 months ago | 12 Months of Fighting Cybercrime & Defending Enterprises | #cybercrime | #infosec | National Cyber Security Consulting