Mark0

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

A new malware campaign uses the ClickFix social engineering tactic to distribute a previously undocumented loader named DeepLoad. The malware relies on AI-assisted obfuscation to bypass static scanning and employs evasion techniques such as masking its payload within legitimate Windows processes like "LockAppHost.exe." It spreads primarily by tricking users into executing PowerShell commands through the Windows Run dialog, then deploys obfuscated PowerShell loaders to keep a low profile.

DeepLoad is designed for comprehensive credential theft and persistence, using asynchronous procedure call (APC) injection to run shellcode within trusted processes. It features a malicious browser extension for intercepting login data and uses Windows Management Instrumentation (WMI) to reinfect hosts autonomously. The malware can also spread via removable media by masquerading as common installers. The same report highlights Kiss Loader, another emerging threat that delivers Venom RAT through multi-stage attack chains involving shortcut files and WebDAV resources.
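The WMI reinfection mentioned above typically means a permanent event subscription: a `__EventFilter` (the trigger), an `__EventConsumer` (the action) and a `__FilterToConsumerBinding` tying them together in the `root/subscription` namespace. The following PowerShell is an added defender-side example, not code from the post or from the report it summarizes; it assumes only the built-in CIM cmdlets and enumerates those three pieces so an analyst can review what would re-launch on a host. The function name is my own.

```powershell
function Get-WmiPersistenceCandidates {
    # Lists WMI permanent event subscriptions, the mechanism commonly used to re-launch
    # a payload without a file-based autorun. Added example; assumes the standard
    # root/subscription namespace where permanent subscriptions live.
    [CmdletBinding()]
    param([string]$Namespace = 'root/subscription')

    $results = @()

    # Consumers are the "action" half. These two classes execute arbitrary commands or
    # script text, so they are the ones worth reading line by line.
    $cmdConsumers = Get-CimInstance -Namespace $Namespace -ClassName CommandLineEventConsumer -ErrorAction SilentlyContinue
    foreach ($c in $cmdConsumers) {
        $results += [pscustomobject]@{
            Kind   = 'Consumer'
            Class  = 'CommandLineEventConsumer'
            Name   = $c.Name
            Detail = $c.CommandLineTemplate
        }
    }

    $scriptConsumers = Get-CimInstance -Namespace $Namespace -ClassName ActiveScriptEventConsumer -ErrorAction SilentlyContinue
    foreach ($c in $scriptConsumers) {
        $results += [pscustomobject]@{
            Kind   = 'Consumer'
            Class  = 'ActiveScriptEventConsumer'
            Name   = $c.Name
            Detail = $c.ScriptText
        }
    }

    # Filters are the "trigger" half; the WQL query shows which event (logon, timer,
    # process start, etc.) fires the consumer.
    $filters = Get-CimInstance -Namespace $Namespace -ClassName __EventFilter -ErrorAction SilentlyContinue
    foreach ($f in $filters) {
        $results += [pscustomobject]@{
            Kind   = 'Filter'
            Class  = '__EventFilter'
            Name   = $f.Name
            Detail = $f.Query
        }
    }

    # Bindings connect a filter to a consumer; a consumer with no binding never runs.
    $bindings = Get-CimInstance -Namespace $Namespace -ClassName __FilterToConsumerBinding -ErrorAction SilentlyContinue
    foreach ($b in $bindings) {
        $results += [pscustomobject]@{
            Kind   = 'Binding'
            Class  = '__FilterToConsumerBinding'
            Name   = ''
            Detail = "$($b.Filter) -> $($b.Consumer)"
        }
    }

    return $results
}

# Usage: run in an elevated PowerShell session and review every row.
Get-WmiPersistenceCandidates | Format-Table -AutoSize -Wrap
```

A stock Windows install carries one benign binding (the SCM Event Log filter/consumer pair, which writes to the event log rather than running a command), so anything beyond that, and in particular any `CommandLineEventConsumer` or `ActiveScriptEventConsumer` whose detail invokes PowerShell or a script interpreter, deserves a closer look. Confirmed malicious entries are removed with `Remove-CimInstance` on the binding first and then on the filter and consumer, so the trigger cannot fire while the rest is being cleaned up.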
