Hackers Now Use "Malware Cluster Bombs" in Attacks - How to Stay Safe

Hackers Now Use "Malware Cluster Bombs" in Attacks - How to Stay Safe

Having your computer infected with malware is bad enough, but imagine if a hacker could drop 10 different types of malware on your PC at the same time Well, a new group of hackers is doing just that right now

As reported by BleepingComputer, the threat actor known as Unfurling Hemlock has begun infecting vulnerable systems with what security researchers at KrakenLabs call "malware cluster bombs"

According to a new blog post, Unfurling Hemlock has already launched these so-called malware cluster bomb attacks in 10 countries around the world, most of which appear to be aimed at targets in the United States

Here is everything you need to know about these malware cluster bomb attacks and what you can do to avoid being victimized

The malware first used in these attacks is distributed via malicious email or through malware loaders for which Unfurling Hemlock has paid royalties to other hackers Either way, a malicious executable file called "WEXTRACTEXE" is installed on the potential victim's computer

This malicious executable contains nested compressed cabinet files, with each level containing a different malware sample and another compressed file, thus acting as a malware cluster bomb When unzipped on the victim's computer, each drops a different malware variant

When the final stage of the attack is reached, all of these extracted files are executed in reverse order, with the most recently extracted malware attacking the target device first; according to KrakenLabs researchers, each such malware cluster bomb has four to seven stages, so the amount of malware they contain varies

The types of malware dropped on computers in Unfurling Hemlock attacks can include information theft, botnets, backdoors, etc KrakenLabs has seen many common types of malware in these cluster bomb attacks, including Redline stealer and many other common malware

KrakenLabs does not address how Unfurling Hemlock makes money from these attacks, but BleepingComputer has found that the group uses information-stealing malware to harvest sensitive data and may sell this information to other BleepingComputer believes that the group may be using information-stealing malware to harvest sensitive data and sell this information to other hacker groups

The most important thing you can do to protect yourself from common malware and cluster-bomb type attacks is to be extremely careful when downloading files online You should never download or open a file from an untrusted source, whether it is an attachment in a phishing email or an executable file on a disreputable site

However, hackers use all sorts of different tricks, from social engineering to false sense of urgency, to get you to reply to their messages and download or open suspicious files This is where the best antivirus software can help

If you download something suspicious, the antivirus software will flag the file and warn you that it is dangerous Paid antivirus software often comes with useful options like VPNs and password managers, but Microsoft's built-in antivirus software should be able to stop most threats It is turned on by default, so you need to make sure Windows Defender is enabled

Hackers are always coming up with new ways to attack, and these malware cluster bombs are among the most interesting I've seen in a while However, if you are careful online, avoid downloading files from unknown sources, and keep your PC and the software on your PC up-to-date, you should be able to avoid falling victim to a nasty malware infection

Categories