Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks


Malware

We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events (Water Minyades is the intrusion set we track behind the creation of Batloader).

By: Junestherry Dela Cruz, January 17, 2023


Batloader (detected by Trend Micro as Trojan.Win32.BATLOADER) is an initial-access malware family known for using malvertising techniques and for hiding script-based malware inside Microsoft Software Installation (MSI) packages downloaded from legitimate-looking-yet-malicious websites. Earlier this year, Mandiant researchers observed Batloader using search engine optimization (SEO) poisoning techniques in its attacks.

Batloader is associated with an intrusion set that we have dubbed “Water Minyades.” The actors behind Water Minyades are known for delivering other malware during the last quarter of 2022, such as Qakbot, RaccoonStealer, and Bumbleloader via social engineering techniques.

In this blog entry, we discuss notable Batloader campaigns that we’ve observed in the last quarter of 2022, including the abuse of custom action scripts from the Advanced Installer software and Windows Installer XML (WiX) toolset, the use of
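The installer abuse described above turns on script custom actions (JScript or VBScript entries in an MSI's CustomAction table), which builders such as Advanced Installer and the WiX toolset emit for legitimate installers as well. The following PowerShell triage script is an added example and is not code from the original post or from Trend Micro: it opens a package read-only through the Windows Installer COM automation interface (WindowsInstaller.Installer), lists every custom action, and flags the scripted ones so an analyst can review their Source/Target before the package is ever run. It assumes Windows and a package path supplied by the caller; the type-bit decoding follows the documented CustomAction table layout.

```powershell
# Added example (not from the original post): enumerate the CustomAction table of an
# MSI package and flag entries whose base type is JScript (5) or VBScript (6).
# Requires Windows (WindowsInstaller.Installer COM object); the database is opened
# read-only, so the sample under analysis is never modified.

param(
    [Parameter(Mandatory = $true)]
    [string]$MsiPath   # path to the package being triaged (supplied by the analyst)
)

# Custom action type decoding per the Windows Installer CustomAction table reference:
# low bits carry the base type, bits 0x30 carry where the action's code comes from.
$BaseTypes = @{
    1 = 'DLL'; 2 = 'EXE'; 3 = 'TextData'; 5 = 'JScript'; 6 = 'VBScript'; 7 = 'NestedInstall'
}
$SourceKinds = @{
    0x00 = 'Binary table'
    0x10 = 'Installed file'
    0x20 = 'Directory (inline script text in Target for script types)'
    0x30 = 'Property'
}

function Invoke-ComMethod {
    # The Installer object exposes no type library to PowerShell, so call via reflection.
    param($Object, [string]$Name, [object[]]$Arguments = $null)
    return $Object.GetType().InvokeMember($Name, 'InvokeMethod', $null, $Object, $Arguments)
}
function Get-ComProperty {
    param($Object, [string]$Name, [object[]]$Arguments = $null)
    return $Object.GetType().InvokeMember($Name, 'GetProperty', $null, $Object, $Arguments)
}

function Get-MsiCustomActions {
    param([string]$Path)
    $installer = New-Object -ComObject WindowsInstaller.Installer
    # 0 = msiOpenDatabaseModeReadOnly
    $db   = Invoke-ComMethod $installer 'OpenDatabase' @((Resolve-Path $Path).Path, 0)
    $view = Invoke-ComMethod $db 'OpenView' @('SELECT `Action`,`Type`,`Source`,`Target` FROM `CustomAction`')
    Invoke-ComMethod $view 'Execute' | Out-Null
    $rows = @()
    while ($true) {
        $record = Invoke-ComMethod $view 'Fetch'
        if ($null -eq $record) { break }          # Fetch returns null after the last row
        $type = [int](Get-ComProperty $record 'StringData' @(2))
        $rows += [pscustomobject]@{
            Action    = Get-ComProperty $record 'StringData' @(1)
            Type      = $type
            BaseType  = $BaseTypes[($type -band 0x07)]
            Source    = $SourceKinds[($type -band 0x30)]
            SourceRef = Get-ComProperty $record 'StringData' @(3)   # Binary key, file key or property
            Target    = Get-ComProperty $record 'StringData' @(4)   # entry point, command line or script text
        }
    }
    Invoke-ComMethod $view 'Close' | Out-Null
    return $rows
}

$actions  = Get-MsiCustomActions -Path $MsiPath
$scripted = $actions | Where-Object { $_.BaseType -in 'JScript', 'VBScript' }
if ($scripted) {
    Write-Host "Script custom actions found in $MsiPath (review before installing):"
    $scripted | Format-Table Action, Type, BaseType, Source, SourceRef, Target -AutoSize
} else {
    Write-Host "No JScript/VBScript custom actions in $MsiPath"
}
```

Run it as `.\Get-MsiCustomActions.ps1 -MsiPath .\package.msi` on an isolated analysis host. A hit is not proof of malice on its own, since many installers ship script custom actions, but a scripted action whose Target is inline script text, or whose Source points at a Binary-table blob, is exactly what deserves a look before the MSI is allowed to execute.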
