CoffeeLoader Malware Spoofs Utility to Deliver Infostealers

Undetermined if CoffeeLoader is the next version of SmokeLoader.

Windows devices have been targeted with attacks involving the CoffeeLoader malware.

According to research by Zscaler, the malware masquerades as ASUS's Armoury Crate utility to covertly distribute the Rhadamanthys information-stealing malware and other malicious payloads, Cybernews reports.

Aside from using Armoury Packer to execute code on devices' graphics cards and evade detection by security software, CoffeeLoader — which initially emerged in September — also maintains stealth through Call Stack Spoofing and Sleep Obfuscation capabilities, with the latter potentially implemented through the use of Windows fibers.

While CoffeeLoader was found to have significant technical overlaps with the most recent iteration of the SmokeLoader malware unveiled in December, additional evidence is still needed to establish an association between the two payloads, said Zscaler researchers. "At the present time, it is too early to determine whether CoffeeLoader is the next version of SmokeLoader or whether these overlaps are a coincidence."
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.