Threat researchers from the Elastic Security team recently identified a new malware campaign dubbed BLISTER. The novel malware loader was used to execute second-stage malware payloads in memory and to maintain persistence. The researchers believe BLISTER was able to fly under the radar by leveraging valid code-signing certificates, embedding itself in legitimate libraries to fool machine-learning models, and executing payloads in memory. The team noted that most of the malware samples observed have few or no detections in VirusTotal. The infection vector and the goals of the attackers are currently unknown.