Trend Micro Identified a New Malware That Sniffs on Victim Screen — CyberWorkx

Cyberworkx
Jul 12, 2021

Researchers from Trend Micro have identified new malware dubbed “BIOPASS” that targets Chinese gambling sites through a watering hole attack and sniffs victims' screens by abusing the Open Broadcaster Software (OBS) live-streaming app.

The threat actors behind this campaign seem to have planted a malicious JS file in the support chat box of gambling sites, which redirects users to download a malicious payload disguised as Adobe Flash Player or Microsoft Silverlight.

“Closer examination of the loader shows that it loads either a Cobalt Strike shellcode or a previously undocumented backdoor written in Python, a new type of malware that we found to be named BIOPASS RAT (remote access trojan).”

“BIOPASS RAT possesses basic features found in other malware, such as file system assessment, remote desktop access, file exfiltration, and shell command execution. It also has the ability to compromise the private information of its victims by stealing web browser and instant messaging client data.” reads the blog post by Trend Micro.

The experts also noticed that the BIOPASS malware loader binaries were signed with two valid certificates, which might have been stolen from South Korea and Taiwan. They believe this malware's behavior links it to APT41 (the Chinese Winnti APT).

Originally published at https://cyberworkx.in on July 12, 2021.
