
Packer Software Being Used As New Attack Vector For Cybercriminals


Threat actors are increasingly abusing legitimate, commercially available packer software such as BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers. This practice poses significant risks to various sectors, especially financial institutions and government agencies.

Understanding Packer Software and Its Misuse

Packers compress or encrypt an executable and wrap it in a small loader stub that reconstructs the original program in memory at run time; vendors sell them to shrink binaries and protect them from reverse engineering. Cybercriminals repurpose the same tools to add a layer of obfuscation around a malicious payload: the file on disk no longer matches static signatures, and the real code only appears once the stub has unpacked it in memory. Because the packer itself is a legitimate product, defenders cannot simply block everything it produces without generating false positives. BoxedApp, a commercial packer, has become a favorite among attackers because of its advanced capabilities, such as a virtual file system and virtual registry that let a packed program carry its own files and settings without writing them to the host.

Who is at Risk?

  1. Financial Institutions: Banks and financial services are prime targets due to the valuable data they handle, such as account details and transaction information.

  2. Government Agencies: These entities are often targeted for sensitive information, which can be used for espionage or to disrupt public services.

  3. Businesses Across Sectors: Any organization that runs third-party software is exposed, particularly those with inadequate cybersecurity measures.

  4. Individual Users: People using personal devices for financial transactions or sensitive communications can also be targeted by malware distributed through packed software.

How to Protect Yourself

  1. Implement Robust Security Measures: Use endpoint security that inspects process behavior and memory at run time rather than relying on file signatures alone, because a packed payload only takes its original form after the stub unpacks it in memory. Ensure your security software and its signatures are regularly updated.

  2. Conduct Regular Security Audits: Regularly review and update your security protocols to identify and patch vulnerabilities in your systems.

  3. Educate Employees: Train your staff to recognize phishing attempts and other common tactics used by cybercriminals to distribute malware.

  4. Use Multi-Factor Authentication (MFA): Implement MFA for accessing sensitive systems and data. This adds an extra layer of security and reduces the risk of unauthorized access.

  5. Limit the Use of Third-Party Software: Avoid using software that is not essential or that you do not fully understand. Ensure any third-party software used is from a reputable source and regularly updated.

  6. Monitor Network Traffic: Use network monitoring tools to detect unusual activity that may indicate a malware infection or a cyberattack.

  7. Backup Data Regularly: Maintain regular backups of critical data to ensure you can recover from a ransomware attack or other data loss incidents.

The Dangers of Ransomware and Information Stealers

Ransomware attacks can paralyze computer systems, disrupt operations, and cause significant financial and reputational damage. Information stealers can harvest sensitive data such as login credentials, financial information, and personal details, which can be used for further attacks or sold on the dark web.

Cybercriminals often target high-value sectors like finance and government because the potential payoff is substantial, and these sectors may be more willing to pay ransoms quickly to restore critical services. The use of packer software like BoxedApp allows attackers to hide their malware within seemingly legitimate files, making detection and prevention challenging.

Recent Trends in Packer Software Abuse

Check Point security researcher Jiri Vinopal reported a significant increase in the use of BoxedApp and other packers to distribute malware. The volume of samples packed with BoxedApp and submitted to the Google-owned VirusTotal malware scanning platform spiked around May 2023. These samples mainly originated from countries like Turkey, the U.S., Germany, France, and Russia.

Malware families such as Agent Tesla, AsyncRAT, LockBit, LodaRAT, and many others have been distributed using these methods. Additionally, tools like NSIXloader, which is built on the Nullsoft Scriptable Install System (NSIS), and Kiteshield, a packer and protector for x86-64 ELF binaries on Linux, have also been identified as being abused by cybercriminals.

Conclusion

The rise in the abuse of packer software underscores the need for heightened cybersecurity awareness and robust protective measures. By understanding the risks and implementing comprehensive security strategies, organizations and individuals can better safeguard themselves against these sophisticated cyber threats. Regular updates, strong authentication measures, employee education, and vigilant monitoring are crucial in defending against the evolving tactics of cybercriminals.