Researchers have discovered a new variant of a malware loader that can control the victim’s device remotely.
VBScript can now open the door to allow a PHP application to access and take control of a computer, making it part of a botnet. This new VBScript loader variant is named ARS VBS Loader.
This new ARS VBS Loader downloads malware and provides remote-control access to a botnet controller, making it both a malware loader and a RAT, or remote access trojan. The loader variant is already being sold on Russian malware sites.
This cybersecurity problem can be easily avoided by implementing a robust cybersecurity solution on every device that you own. Don’t let your guard down! Depending on which OS your device is running, it is mandatory to install an antivirus for Windows or an antivirus for Mac.
During the malware analysis, researchers found that ARS VBS has two new characteristics that make it highly unusual: persistence and remote access capability.
The persistence mechanism for this loader is pretty unique. First, it reports the statistics of its success back to the C&C server and then it downloads additional malware from the server. By using this feature, cybercriminals can switch things up, changing attacks and profiles on the fly once the infection is in place.
ARS VBS is looking more like a RAT than a loader, and that, combined with the persistence mechanism, makes it especially dangerous.
So far, it has been found that this new loader variant is being spread by relatively unsophisticated means, like massive spam campaigns that aren’t carefully targeted.
VBScript payloads are still getting past cybersecurity systems because it’s tough to tell the difference between malware and legitimate VBScript files that network admins might use for legitimate admin duties.
Keep in mind that VBScript is baked in, or supported out of the box, on every Windows system, and if you turn it off, you will lose the ability to perform any authorized tasks.
If you are a company, remember that installing an antivirus represents only the first layer of security. To be adequately protected, you must contract a cybersecurity company that will carry out some advanced cybersecurity tests on your company networks, like penetration tests and ethical hacking tests. These kinds of checks must be made every year because cybersecurity threats evolve and you must find and fix any cybersecurity flaws as soon as they are discovered.