
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 832 of 2,445   
   Mike Powell to All   
   Criminals using virtual H   
   20 Mar 25 09:30:00   
   
   TZUTC: -0500   
   MSGID: 548.consprcy@1:2320/105 2c416083   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Criminals are using a virtual hard disk image file to host and distribute   
   dangerous malware   
      
   Date:   
   Thu, 20 Mar 2025 11:14:37 +0000   
      
   Description:   
   Virtual disk files allow cybercriminals to bypass security protections.   
      
   FULL STORY   
      
   Criminals are now using virtual hard disk image files to host and distribute   
   dangerous malware, researchers from Forcepoint are saying.
      
   In an in-depth analysis, Forcepoint said it observed a phishing campaign,   
   themed as a purchase order. In the attachment of the email is an archive   
   which, when extracted, shows a hard disk image file (.VHD).
      
   When the victim opens the file, it mounts itself as a hard drive, and runs a   
   batch script that includes a series of obfuscations including garbage   
   characters, Base64 and AES encryption files. The .BAT file drops the Venom   
   Remote Access Trojan (RAT) and spawns a PowerShell script that uses the   
   Pastebin service to host C2 and exfiltrate stolen data.   
      
   Working around security solutions   
      
   Forcepoint's Prashant Kumar said the threat actors opted for a VHD file to
   work around any email security, or endpoint protection solutions the target   
   may have installed on their device.    
      
   "Threat actors always like to find new ways to deliver malware undetected to
   target large communities," Kumar said. "I'll cover a current technique threat
   actors use to bypass security measures, deliver malware, infect systems and
   exfiltrate data, all by using a virtual hard disk image file to host and
   distribute the VenomRAT malware."
      
   VenomRAT is a type of Trojan that allows cybercriminals to take full control   
   of an infected system. Once installed, it enables attackers to execute   
   commands remotely, steal sensitive information, and manipulate the victim's   
   computer without their knowledge. It is commonly used for keylogging and   
   extracting saved credentials from web browsers and applications.    
      
   This malware is also capable of capturing screenshots and activating webcams,   
   employs various persistence mechanisms, and can deploy additional malware.   
   Because of its powerful capabilities, VenomRAT is often distributed through   
   phishing emails, malicious downloads, and exploit kits that target system   
   vulnerabilities.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/criminals-are-using-a-virtual-hard-disk-image-file-to-host-and-distribute-dangerous-malware
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426   
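
The delivery chain in the message above (an archive attachment that unpacks to a .VHD) can be checked for at a mail gateway or during triage. The following is an added example, not part of the original message or of Forcepoint's analysis: it flags virtual disk images inside a ZIP by content as well as by name. The function names, the size cap and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

VHD_COOKIE = b"conectix"      # first 8 bytes of the 512-byte VHD footer
VHDX_SIGNATURE = b"vhdxfile"  # first 8 bytes of a VHDX file
DISK_EXTENSIONS = (".vhd", ".vhdx")


def classify_member(name, data):
    """Return a reason string if the member looks like a virtual disk, else None."""
    # Content checks come first, so an image with a changed extension is still caught.
    if data[:8] == VHDX_SIGNATURE:
        return "VHDX signature"
    # Fixed VHDs carry the footer only at the end; dynamic ones also copy it to offset 0.
    if data[:8] == VHD_COOKIE or (len(data) >= 512 and data[-512:-504] == VHD_COOKIE):
        return "VHD footer cookie"
    if name.lower().endswith(DISK_EXTENSIONS):
        return "disk-image extension"
    return None


def scan_archive(blob, max_member_bytes=64 * 1024 * 1024):
    """List (member name, reason) for virtual disk images inside a ZIP attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            # Oversized members are judged by name only (assumed cap, tune locally).
            data = zf.read(info) if info.file_size <= max_member_bytes else b""
            reason = classify_member(info.filename, data)
            if reason:
                findings.append((info.filename, reason))
    return findings


def build_sample():
    """Constructed sample: a ZIP holding a fake fixed VHD under a neutral name."""
    fake_vhd = b"\x00" * 2048 + VHD_COOKIE + b"\x00" * 504
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("attachment.bin", fake_vhd)
        zf.writestr("order.vhd", b"not really a disk")
        zf.writestr("readme.txt", b"purchase order attached")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_archive(build_sample()):
        print(f"{name}: {reason}")
```
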
      



(c) 1994,  bbs@darkrealms.ca