Security researchers are warning defenders about ‘DarkTortilla’, which several threat actors are using to deliver a wide range of information stealers, remote-access Trojans (RATs), and other malicious payloads. Researchers first observed DarkTortilla in October 2021, but they believe it has been active since at least 2015. As with other malware, threat actors distribute DarkTortilla via spam emails with file attachments such as .ISO, .ZIP, and .IMG. In some instances, they have also used malicious documents to deliver the malware. DarkTortilla is a highly modular crypter: software designed to help malware remain undetected by bypassing anti-malware and anti-sandbox tools to maintain persistence and load additional malicious payloads. DarkTortilla also employs social engineering techniques, including displaying fake messages on victim devices to trick users into believing the malware executing on their system is benign. Read more at DarkReading.