Hospitality Sector Under the Threat of AdvisorsBot Malware

Lessupport, 29 Aug 2018

A new malware downloader, AdvisorsBot, has been spotted targeting the hospitality sector via email campaigns. It is being distributed by a hacker group tracked as TA555. The main targets so far have been restaurants, hotels and telecom companies.

Researchers from Proofpoint were able to trace the campaigns back to May 2018. Most victims are in the United States. In this attack, the email lures the victim into opening an attached Word document that contains malicious macros. The TA555 hackers have been using different email lures, such as a “double charge” lure targeting hotels, a “food poisoning” lure targeting restaurants and a “resume” lure targeting telecommunications organizations.

The name “AdvisorsBot” comes from early command and control (C&C) domains that all contained the word “advisors”. The malware is written in C, but the threat actor has recently created an interesting fork of the code named PoshAdvisor. It is a variant of the same malware, coded entirely in PowerShell and .NET.

“Like most modern malware, AdvisorsBot employs a number of anti-analysis features. One of the most effective is the use of junk code–such as extra instructions, conditional statements, and loops–to considerably slow down reverse engineering,” Proofpoint researchers wrote in a blog. “To detect various malware analysis tools, AdvisorsBot takes a CRC32 hash of the system’s volume serial number and each running process name and compares them to a list of hardcoded hash values. If it finds a match, the malware exits.”
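The process-name check quoted above is worth seeing concretely from the analyst's side. The following Python is an added example, not code from the article or from Proofpoint: it computes the CRC32 of candidate process names and resolves a list of "hardcoded" hash values back to the tool names they stand for, which is how an analyst turns such a list, pulled out of a sample, into a readable inventory of the analysis tools the malware watches for (and therefore which sandbox processes to rename or hide). The candidate wordlist and the hash list are constructed here so the script runs offline; the real hashes and the exact encoding and case normalisation the sample applies before hashing are not on the page and must be confirmed in the disassembly. The volume-serial-number half of the check is left out because the article does not say how that value is encoded before hashing.

```python
import zlib
from typing import Dict, Iterable, Set


def crc32_of(name: str) -> int:
    """CRC32 (the IEEE polynomial zlib uses) of a process name as an unsigned 32-bit value.

    Assumption: the sample hashes the raw ASCII name without case folding; if it
    lowercases first, normalise here the same way.
    """
    return zlib.crc32(name.encode("utf-8")) & 0xFFFFFFFF


def resolve_hashes(hardcoded: Set[int], candidates: Iterable[str]) -> Dict[int, str]:
    """Map each hardcoded hash back to a candidate process name with a matching CRC32.

    Hashes with no match in the wordlist are simply absent from the result, which
    tells the analyst the wordlist needs extending.
    """
    table = {crc32_of(c): c for c in candidates}
    return {h: table[h] for h in hardcoded if h in table}


def would_exit(hardcoded: Set[int], running: Iterable[str]) -> bool:
    """Emulate the check described: True if any running process name hashes to a listed value."""
    return any(crc32_of(p) in hardcoded for p in running)


# Constructed wordlist mixing benign Windows processes with common analysis tools.
CANDIDATES = [
    "explorer.exe", "svchost.exe", "winword.exe", "outlook.exe",
    "procmon.exe", "procexp.exe", "wireshark.exe", "x64dbg.exe",
    "ollydbg.exe", "idaq.exe", "vboxservice.exe", "vmtoolsd.exe",
]

# Constructed stand-in for the hash list an analyst would extract from a sample.
# Built from three names above on purpose so the example is self-contained.
SAMPLE_HASHES = {
    crc32_of("procmon.exe"),
    crc32_of("wireshark.exe"),
    crc32_of("x64dbg.exe"),
}


def demo() -> Dict[int, str]:
    resolved = resolve_hashes(SAMPLE_HASHES, CANDIDATES)
    for h, name in sorted(resolved.items()):
        print(f"0x{h:08X} -> {name}")
    clean_box = ["explorer.exe", "svchost.exe", "winword.exe"]
    analyst_box = clean_box + ["procmon.exe"]
    print("exits on clean host:", would_exit(SAMPLE_HASHES, clean_box))
    print("exits on analyst host:", would_exit(SAMPLE_HASHES, analyst_box))
    return resolved


if __name__ == "__main__":
    demo()
```

Run the block on its own to see the resolved table; for a real sample, replace `SAMPLE_HASHES` with the values lifted from the binary and grow `CANDIDATES` from a list of known debugger, sandbox and network-capture process names. Because CRC32 is not collision resistant, treat a resolved name as a strong hint rather than proof and confirm against the sample's behaviour in a sandbox.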

“While it remains to be seen whether this threat actor will continue to distribute AdvisorsBot, PoshAdvisor, or both in future campaigns, this pair of downloaders, with extensive anti-analysis features and increasingly sophisticated distribution techniques, warrant further investigation,” Proofpoint researchers said.

Trust Logix Cloud ATP for protection against such malware attacks. Subscribe today for a free evaluation, or drop a mail to sales@logix.in for more information.
