[MART] - Daily Diary #399 - Babadeda Campaign Targeting NFT Users

CTAS-MAT ctas-mat at appgate.com
Fri Nov 26 19:24:42 UTC 2021


Hello,
I hope everyone is doing well!

Below is the entry for today.

11/26/2021 - Diary entry #399

This week a new malware campaign targeting cryptocurrency communities on Discord was disclosed. The attacker lured users through private messages into downloading an application that would supposedly add new features or benefits for NFT-related apps on Windows. The applications were hosted on websites with URLs similar to those of the NFT apps being targeted. After clicking to install the supposed Windows version of the app, users received a sample of a new malware called Babadeda.

Babadeda works both as a dropper and a packer, applying cryptographic algorithms to hide its payload from antivirus and other security solutions. When executed, the embedded payload is decrypted and run directly in memory, making it harder to detect.

Babadeda was found deploying several malware families, including Remcos, BitRAT, and even LockBit ransomware. It's not clear yet whether this threat is related to a specific cybercrime gang or is rented by threat actors to perform their attacks.

Kind Regards,


Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com
O: +55 19 98840 2509
