A recent malware campaign tracked as OBSCURE#BAT uses social engineering to deliver the r77 rootkit, which lets the attackers maintain persistence on compromised systems while evading detection. The campaign primarily targets English-speaking users in the U.S., Canada, Germany, and the UK. The lures are fake software downloads and fake CAPTCHA pages that trick victims into running a malicious batch script; that script in turn installs the rootkit through PowerShell commands. Once installed, the rootkit hides its files and tasks, complicating detection while keeping a foothold on the host.
The malware stores obfuscated scripts in the Windows Registry and relies on scheduled tasks to execute them, so the payload does not have to sit on disk as an ordinary script file and runs with little visible activity.
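The two persistence traits just described (script content parked in the Registry, scheduled tasks that launch PowerShell to run it) are generic enough to hunt for without knowing the campaign's exact indicators. The following PowerShell is an added hunting example written for this page; it is not code from the original report or from the r77 project, and it contains no indicators taken from the campaign. The registry roots, the minimum value length and the keyword patterns are assumptions chosen for illustration.

```powershell
# Added hunting example (not from the original report). Flags scheduled tasks
# whose action launches PowerShell with an encoded or registry-sourced command,
# and registry string values that look like stored scripts or Base64 payloads.
# Registry roots, length threshold and keyword lists are illustrative assumptions.

function Get-SuspiciousScheduledTasks {
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # ComHandler actions have no Execute/Arguments; the string stays empty and does not match.
            $cmd = "$($action.Execute) $($action.Arguments)"
            if ($cmd -match '(?i)powershell|pwsh' -and
                $cmd -match '(?i)-enc|-e\s|EncodedCommand|Get-ItemProperty|HKCU:|HKLM:|Registry::|FromBase64String|IEX|Invoke-Expression|-w(indowStyle)?\s+hidden') {
                [pscustomobject]@{
                    TaskName = $task.TaskName
                    TaskPath = $task.TaskPath
                    Author   = $task.Author
                    Command  = $cmd
                }
            }
        }
    }
}

function Convert-EncodedCommand {
    # Best-effort decode of a Base64 blob. -EncodedCommand payloads are UTF-16LE;
    # fall back to UTF-8 if the UTF-16 reading contains non-printable characters.
    param([Parameter(Mandatory)][string]$Base64)
    try {
        $bytes = [Convert]::FromBase64String(($Base64 -replace '\s', ''))
        $text  = [Text.Encoding]::Unicode.GetString($bytes)
        if ($text -match '[^\x09\x0A\x0D\x20-\x7E]') {
            $text = [Text.Encoding]::UTF8.GetString($bytes)
        }
        return $text
    } catch {
        return $null
    }
}

function Get-SuspiciousRegistryScripts {
    param(
        # Subtrees to walk (assumption; widen to other hives as needed).
        [string[]]$Roots = @('HKCU:\Software', 'HKLM:\SOFTWARE'),
        # Strings shorter than this are unlikely to be a full script (assumption).
        [int]$MinLength = 512
    )
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            foreach ($name in $key.GetValueNames()) {
                $value = $key.GetValue($name)
                # Only REG_SZ / REG_EXPAND_SZ come back as [string]; binary and multi-string are skipped.
                if ($value -is [string] -and $value.Length -ge $MinLength) {
                    $looksBase64 = $value -match '^[A-Za-z0-9+/=\s]+$'
                    $looksScript = $value -match '(?i)Invoke-Expression|IEX|FromBase64String|Start-Process|-EncodedCommand|\$env:'
                    if ($looksBase64 -or $looksScript) {
                        $kind    = if ($looksBase64) { 'Base64-like' } else { 'Script-like' }
                        $decoded = if ($looksBase64) { Convert-EncodedCommand -Base64 $value } else { $null }
                        [pscustomobject]@{
                            Key     = $key.Name
                            Value   = $name
                            Length  = $value.Length
                            Kind    = $kind
                            Preview = $value.Substring(0, [Math]::Min(80, $value.Length))
                            Decoded = if ($decoded) { $decoded.Substring(0, [Math]::Min(120, $decoded.Length)) } else { $null }
                        }
                    }
                }
            }
        }
    }
}

# Usage: run elevated so HKLM and all task folders are readable.
Get-SuspiciousScheduledTasks   | Format-Table -AutoSize
Get-SuspiciousRegistryScripts  | Format-Table -AutoSize
```

Treat the output as leads, not verdicts: large Base64 strings are common in legitimate software configuration, and the keyword list will miss scripts that are obfuscated differently. The more important caveat follows from the report itself: because the rootkit hides files and tasks from the compromised host, enumeration run on the live system may not see what the attacker planted. Corroborate from an offline image of the disk and registry hives, or from EDR telemetry recorded when the task was created, rather than trusting a single in-host sweep.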