This article originally appeared in Information Security Buzz on August 13, 2018.
Hackers are using a drive-by download attack that exploits a vulnerability in Flash Player. What sets this campaign apart, according to researchers at Malwarebytes, is that the exploits are encrypted and packaged on the fly rather than served as static files. The researchers call it Hidden Bee Miner.
Patrick Ciavolella, Digital Security & Operations Director at The Media Trust, comments:
“The Hidden Bee miner shows how bad actors have ingeniously combined a variety of techniques and infrastructure to both maximize the campaign’s spread and minimize the chance of detection. The miner spreads by compromising ad traffic and redirecting it to the exploit’s landing page. It escapes detection by malware blockers and other traditional detection tools because it is not only obfuscated, but also encrypted, requiring a key exchange with the backend server. This makes replaying the malicious traffic nearly impossible even for malware analysts. Another unique feature is the payload’s use of a bootkit, which cannot be detected by an operating system or an anti-malware tool. Even if it were detected, it couldn’t be deleted without damaging the infected device or machine. To stop such increasingly sophisticated malware in its tracks, website operators need to continuously scan their sites in real time so they can identify unknown malware, terminate its source, and prevent it from infecting their visitors. The ability to thwart this aggressive malware is all the more crucial as consumer data protection laws proliferate across sought-after markets.”
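The point about the key exchange deserves a concrete illustration, because it changes how an analyst has to work. The toy model below is an added example written for this article; it is not Hidden Bee's actual protocol, nor code from Malwarebytes or The Media Trust. It assumes a generic ephemeral Diffie-Hellman exchange over a deliberately small group (a 61-bit Mersenne prime, generator 2) and an HMAC-SHA256 counter-mode keystream as a stand-in cipher; the payload and the `Party`, `run_live_session`, `replay_capture` and `decrypt_with_instrumented_client` names are all constructed for the example. It shows why a recorded exploit response decrypts to noise when replayed to a fresh client, and what does work instead: recovering the client's ephemeral private value from an instrumented endpoint.

```python
"""Toy model of why a per-session key exchange defeats pcap replay.

Illustrative code added to this article, not the campaign's real protocol.
Parameters are intentionally tiny for readability; nothing here is
production cryptography.
"""
import hashlib
import hmac
import secrets

# Assumption: a small Diffie-Hellman group so the numbers stay readable.
# Real deployments use a standard 2048-bit MODP group or ECDH.
P = (1 << 61) - 1  # Mersenne prime 2^61 - 1
G = 2


def keystream(key: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a toy stream cipher keyed by the session key."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def derive_key(shared_secret: int) -> bytes:
    """Hash the DH shared secret into a fixed-size session key."""
    return hashlib.sha256(shared_secret.to_bytes(8, "big")).digest()


class Party:
    """One endpoint. Every instance draws a fresh ephemeral DH key pair."""

    def __init__(self) -> None:
        self.private = secrets.randbelow(P - 2) + 1  # in [1, P-2]
        self.public = pow(G, self.private, P)

    def session_key(self, peer_public: int) -> bytes:
        return derive_key(pow(peer_public, self.private, P))


def run_live_session(payload: bytes):
    """The exchange as it happens on the wire.

    Returns (plaintext the client recovers, what a passive observer sees,
    the client's ephemeral private value). The observer's view is only the
    two public values and the encrypted response.
    """
    client, server = Party(), Party()
    ciphertext = xor_crypt(server.session_key(client.public), payload)
    recovered = xor_crypt(client.session_key(server.public), ciphertext)
    capture = {
        "client_pub": client.public,
        "server_pub": server.public,
        "ciphertext": ciphertext,
    }
    return recovered, capture, client.private


def replay_capture(capture: dict) -> bytes:
    """Pcap replay: feed the recorded server response to a fresh client.

    The new client draws its own private value, so the key it derives from
    the recorded server_pub is not the key the server encrypted under.
    """
    fresh_client = Party()
    return xor_crypt(fresh_client.session_key(capture["server_pub"]),
                     capture["ciphertext"])


def decrypt_with_instrumented_client(capture: dict, client_private: int) -> bytes:
    """What works: take the ephemeral private value from an instrumented
    client (hooked browser, debugger) and redo its half of the exchange."""
    key = derive_key(pow(capture["server_pub"], client_private, P))
    return xor_crypt(key, capture["ciphertext"])


if __name__ == "__main__":
    # Constructed stand-in for the exploit bytes the landing page would serve.
    exploit = b"<constructed stand-in for an encrypted exploit payload>"
    got, cap, priv = run_live_session(exploit)
    print("live client recovers payload:    ", got == exploit)
    print("pcap replay recovers payload:    ", replay_capture(cap) == exploit)
    print("instrumented key recovers payload:",
          decrypt_with_instrumented_client(cap, priv) == exploit)
```

The practical consequence for analysts is the third function: a capture alone is not enough, so the session has to be reproduced with the client under instrumentation (or the client's ephemeral key logged at capture time) rather than replayed from a proxy log. The model deliberately leaves out the other gating a real kit layers on top, such as one-time URLs and fingerprint checks, which independently stop a second fetch of the same payload.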