13 November 19, 15:10
Quote:A newly discovered piece of ransomware written in PureBasic has been linked to a Malware-as-a-Service (MaaS) provider that has been used by Cobalt Gang, FIN6, and other threat groups.
Dubbed "PureLocker", the malware comes with evasion methods and features that have allowed it to remain undetected for months. The use of PureBasic, a rather uncommon programming language, also makes porting between Windows, Linux, and macOS easy.
The analyzed Windows sample was masquerading as the C++ cryptography library called Crypto++, and managed to remain undetected by VirusTotal antivirus engines for several weeks. The file would not exhibit malicious or suspicious behavior when executed in a sandbox, Intezer reveals.
Digging deeper, security researchers discovered that the file was not related to Crypto++, but that it did include code copied from multiple malware families, mainly from the Cobalt Gang. Most of the malicious code, however, was found to be unique.
Read more: https://www.securityweek.com/new-pureloc...-gang-fin6