

In this case, I came across a collection of files masquerading as RealNetworks updater executables. It’s never surprising to see the multitude of tactics a cybercriminal will use to deliver malware.

These files were all located in a user’s %AppData%realupdate_ob directory, and the sizes were all quite consistent. At first glance there was nothing too special about this finding – malware appearing to be legitimate software is nothing new.

When I looked into the specific behaviors of the file, it became clearer that the software is in fact malicious, and that it is actually downloading malicious files from the popular web-based file hosting service Dropbox.

These files came in two varieties: some files were randomly named, other files were named for legitimate software.
