Threat researchers from the Elastic Security team recently identified a new malware campaign dubbed BLISTER. The novel malware loader was used to execute second stage malware payloads in-memory and maintain persistence. The researchers believe BLISTER was able to fly under the radar by leveraging valid code signing certificates, infecting legitimate libraries to fool machine learning models, and executing payloads in-memory. The team noted that most of the malware samples observed have little to no detections in VirusTotal. The infection vector and goals of the attackers are currently unknown.
Analyst Notes
To protect against malware like BLISTER, organizations should ensure they have an in-depth defensive plan. Binary Defense Managed Detection & Response uses a human-driven, technology-assisted approach to alleviate an organization’s gaps in security and shield its customers from cyberattacks. Our Security Operations Task Force proactively identifies threats, investigates alerts, and recommends remediation steps to help contain the threat.
https://www.elastic.co/blog/elastic-security-uncovers-blister-malware-campaign
