Malvirt

Malware updated 7 months ago (2024-05-04T19:17:32.641Z)
MalVirt is SentinelOne's name for a set of virtualized .NET malware loaders observed being distributed through malvertising. SentinelOne senior threat researcher Aleksandar Milenkoski found the loaders delivering payloads from the Formbook family of information stealers, in a campaign that was still ongoing when the SentinelOne advisory was written. MalVirt itself is the loader; the theft of personal information is done by the infostealer it installs.

Formbook and XLoader have historically been spread by phishing emails and "malspam" carrying macro-enabled Office documents. The MalVirt campaign marks a shift by the same operators toward malvertising, a channel that has been growing in use. SentinelOne first encountered a MalVirt sample during a routine Google search for "Blender 3D".

What distinguishes the MalVirt loaders is the unusual amount of anti-analysis and anti-detection effort applied to them. Beyond the code virtualization, some samples check whether they are running in a virtual machine or sandbox, typically by querying registry keys associated with VirtualBox or VMware. The loaders also carry signatures and countersignatures that name companies such as Microsoft, Acer, DigiCert and Sectigo, but the certificates are invalid or untrusted, so the signatures do not verify; a signer name on its own is not evidence that a file is legitimate, and the verification status has to be checked. The researchers were struck by the lengths the operators went to in order to evade detection and analysis of both the loaders and the info-stealing payload.
Description last updated: 2024-05-04T18:50:57.305Z
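The two loader behaviours described above, probing the registry for VirtualBox/VMware artefacts and carrying vendor-impersonating signatures that do not verify, turned into triage logic. This is an added example written for this page, not code from SentinelOne or from the MalVirt analysis. It assumes registry-access telemetry in a simplified "process|key" line format (standing in for Sysmon registry events) and signature results as a CSV in the shape one could export from PowerShell's Get-AuthenticodeSignature (Path, SignerSubject, Status). The registry markers are well-known anti-VM artefacts, not MalVirt's exact key list, and all sample data is constructed.

```python
import csv
import io
from collections import defaultdict

# Registry paths commonly probed by generic anti-VM code, keyed to the hypervisor
# they reveal. Assumption: representative artefacts, not MalVirt's exact keys.
VM_REGISTRY_MARKERS = {
    r"software\oracle\virtualbox guest additions": "virtualbox",
    r"hardware\acpi\dsdt\vbox__": "virtualbox",
    r"system\currentcontrolset\services\vboxguest": "virtualbox",
    r"software\vmware, inc.\vmware tools": "vmware",
    r"system\currentcontrolset\services\vmci": "vmware",
}

# Vendor names the page says MalVirt signatures and countersignatures impersonate.
IMPERSONATED_SIGNERS = ("microsoft", "acer", "digicert", "sectigo")

# Constructed registry-access telemetry, one "<process image>|<key path>" per line
# (hypothetical data standing in for Sysmon registry events).
SAMPLE_REGISTRY_EVENTS = r"""
C:\Users\u\Downloads\blender-setup.exe|HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions
C:\Users\u\Downloads\blender-setup.exe|HKLM\HARDWARE\ACPI\DSDT\VBOX__
C:\Users\u\Downloads\blender-setup.exe|HKLM\SOFTWARE\VMware, Inc.\VMware Tools
C:\Windows\System32\svchost.exe|HKLM\SYSTEM\CurrentControlSet\Services\Schedule
C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxTray.exe|HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions
"""

# Constructed signature results shaped like a CSV export of
# Get-AuthenticodeSignature (Path, SignerSubject, Status); hypothetical data.
SAMPLE_SIGNATURES = r"""Path,SignerSubject,Status
C:\Users\u\Downloads\blender-setup.exe,"CN=Microsoft Corporation, O=Microsoft Corporation",NotTrusted
C:\Windows\System32\svchost.exe,"CN=Microsoft Windows, O=Microsoft Corporation",Valid
C:\Users\u\Downloads\update.exe,"CN=Sectigo RSA Code Signing CA",HashMismatch
C:\Users\u\Downloads\notes.exe,,NotSigned
"""


def vm_probe_families(events: str) -> dict:
    """Map each process image to the set of hypervisor families whose markers it queried."""
    seen = defaultdict(set)
    for line in events.strip().splitlines():
        if "|" not in line:
            continue
        image, key = line.split("|", 1)
        key_l = key.lower()
        for marker, family in VM_REGISTRY_MARKERS.items():
            if marker in key_l:
                seen[image].add(family)
    return dict(seen)


def anti_vm_suspects(events: str) -> list:
    """Processes that probe markers for more than one hypervisor family.

    A real guest has one vendor's tools installed, so that vendor's own
    components (e.g. VBoxTray.exe) touch only their own keys; a loader running
    an evasion check probes every hypervisor it knows about.
    """
    return sorted(img for img, fams in vm_probe_families(events).items() if len(fams) >= 2)


def suspicious_signatures(csv_text: str) -> list:
    """Files whose signer name claims an impersonated vendor but whose signature does not verify."""
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        subject = (row["SignerSubject"] or "").lower()
        # Unsigned files carry no vendor claim; a Valid status means the chain verified.
        if row["Status"] == "Valid" or not subject:
            continue
        if any(vendor in subject for vendor in IMPERSONATED_SIGNERS):
            flagged.append((row["Path"], row["Status"]))
    return flagged


def triage(events: str, csv_text: str) -> dict:
    """Combine both signals; a file that trips both is the highest priority."""
    vm = set(anti_vm_suspects(events))
    sig = {path for path, _ in suspicious_signatures(csv_text)}
    return {
        "both": sorted(vm & sig),
        "anti_vm_only": sorted(vm - sig),
        "bad_signature_only": sorted(sig - vm),
    }


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_REGISTRY_EVENTS, SAMPLE_SIGNATURES).items():
        print(bucket, paths)
```

Two design choices are worth noting. The anti-VM rule keys on a process touching markers for two different hypervisors rather than on any single key, because the vendor's own guest tools legitimately read their own keys and would otherwise be constant false positives. The signature rule requires both a claimed vendor name and a non-Valid status; simply unsigned files are a different, lower-signal population, and a Valid chain for a Microsoft-signed system binary is exactly what the check should pass.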
Possible Aliases / Cluster overlaps
Cluster boundaries and naming conventions differ between vendors, so possible overlapping names / profiles are listed here.
Alias, description, votes
Formbook (2 votes) is a possible alias for Malvirt. Formbook is an information-stealing malware family and is the payload the MalVirt loaders described above were observed delivering, so the overlap is loader versus payload rather than two names for the same code. Formbook has been linked with other forms o
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Phishing
Malvertising