Hospitality Sector Under the threat of AdvisorsBot malware

Lessupport, 29 Aug 2018

A new malware downloader, AdvisorsBot, has been spotted targeting the hospitality sector through email campaigns. It is being distributed by a threat actor tracked as TA555. The main targets so far have been hotels and restaurants, along with telecommunications organizations.

Researchers from Proofpoint have tracked the campaigns back to May 2018, with most targets located in the United States. In each campaign, the email lures the victim into opening an attached Word document that contains malicious macros; when the macros run, they fetch the AdvisorsBot payload. TA555 tailors the lure to the target: a “double charge” lure aimed at hotels, a “food poisoning” lure aimed at restaurants, and a “resume” lure aimed at telecommunications organizations.

The name “AdvisorsBot” comes from the early command and control (C&C) domains, which all contained the word “advisors”. The malware is written in C, but the threat actor has recently produced a fork named PoshAdvisor, a variant of the same downloader implemented entirely in PowerShell and .NET.

“Like most modern malware, AdvisorsBot employs a number of anti-analysis features. One of the most effective is the use of junk code–such as extra instructions, conditional statements, and loops–to considerably slow down reverse engineering,” Proofpoint researchers wrote in a blog. “To detect various malware analysis tools, AdvisorsBot takes a CRC32 hash of the system’s volume serial number and each running process name and compares them to a list of hardcoded hash values. If it finds a match, the malware exits.”
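The process-name check described in that quote is a common pattern, and an analyst who pulls the hardcoded CRC32 values out of a sample usually wants to know which tools they correspond to. The following is an added example, not Proofpoint's code and not code from the malware: it resolves a set of hardcoded hashes by hashing a candidate wordlist of analysis tools, and emulates the exit gate so a sandbox operator can test whether a given process list or volume serial would make the sample bail out. The wordlist, the blocklist hashes and the volume serial below are constructed for the example; the byte encoding and case handling of the hashed names are assumptions, since the page does not state them.

```python
import zlib
from typing import Dict, Iterable, Optional, Set


def crc32_of_name(name: str) -> int:
    """CRC32 of a process name.

    Assumption (not stated on the page): the sample hashes the name as raw
    ASCII bytes with exact case. A real sample may lowercase the name or hash
    it as UTF-16LE; if the resolver below returns nothing, change this first.
    """
    return zlib.crc32(name.encode("ascii")) & 0xFFFFFFFF


def crc32_of_serial(serial: int) -> int:
    """CRC32 of a 32-bit volume serial number.

    Assumption: the serial is the DWORD returned by GetVolumeInformation and
    is hashed as its four little-endian bytes.
    """
    return zlib.crc32(serial.to_bytes(4, "little")) & 0xFFFFFFFF


def resolve_hashes(unknown: Iterable[int],
                   candidates: Iterable[str]) -> Dict[int, Optional[str]]:
    """Map each hardcoded hash to the candidate name that produces it.

    Each candidate is tried as written, lowercased, and without its file
    extension, because samples differ in which form they hash.
    Unresolved hashes map to None.
    """
    table: Dict[int, str] = {}
    for cand in candidates:
        for variant in {cand, cand.lower(), cand.rsplit(".", 1)[0]}:
            table[crc32_of_name(variant)] = variant
    return {h: table.get(h) for h in unknown}


def would_exit(running: Iterable[str], serial: int,
               blocklist: Set[int]) -> bool:
    """Emulate the gate: exit if the serial hash or any process-name hash
    appears in the hardcoded list."""
    if crc32_of_serial(serial) in blocklist:
        return True
    return any(crc32_of_name(proc) in blocklist for proc in running)


# Constructed wordlist of tools an analyst would expect a sample to look for.
ANALYSIS_TOOLS = [
    "procmon.exe", "wireshark.exe", "x64dbg.exe", "ollydbg.exe",
    "idaq.exe", "vboxservice.exe", "vmtoolsd.exe",
]

# Constructed stand-in for the hashes carved out of a sample: three tool
# names plus one sandbox image's volume serial (0xDEADBEEF, made up here).
SAMPLE_BLOCKLIST: Set[int] = {
    crc32_of_name(n) for n in ("procmon.exe", "x64dbg.exe", "vmtoolsd.exe")
}
SAMPLE_BLOCKLIST.add(crc32_of_serial(0xDEADBEEF))


if __name__ == "__main__":
    for h, name in resolve_hashes(SAMPLE_BLOCKLIST, ANALYSIS_TOOLS).items():
        print(f"{h:08x} -> {name or '<unresolved, maybe a volume serial>'}")
    print("sandbox with procmon would exit:",
          would_exit(["explorer.exe", "procmon.exe"], 0x1234, SAMPLE_BLOCKLIST))
    print("clean host would exit:",
          would_exit(["explorer.exe", "notepad.exe"], 0x1234, SAMPLE_BLOCKLIST))
```

In practice the wordlist is the interesting part: feed it every process name from your sandbox images and common analysis tools, and any hash that still resolves to None is worth treating as a volume serial or an unusual tool name rather than a miss.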

“While it remains to be seen whether this threat actor will continue to distribute AdvisorsBot, PoshAdvisor, or both in future campaigns, this pair of downloaders, with extensive anti-analysis features and increasingly sophisticated distribution techniques, warrant further investigation,” Proofpoint researchers said.

Logix Cloud ATP can help protect against malware campaigns like this one. Subscribe today for a free evaluation, or email sales@logix.in for more information.
