An updated version of the BLISTER malware loader has emerged in the wild as a component of SocGholish infection chains, where it is used to deploy Mythic, an open-source command-and-control framework.
According to reports, the updated BLISTER adds a capability that lets its operators narrowly target specific victim networks while reducing the loader's exposure in virtual machine (VM) and sandbox environments.
This change marks a notable evolution in the loader's tradecraft. BLISTER first came to light in December 2021, when it was identified as a conduit for delivering payloads such as Cobalt Strike and BitRAT to compromised systems. Since then it has continued to evolve, becoming an integral part of sophisticated intrusions.
BLISTER and SocGholish form a malicious duo threatening the cybersecurity community.
BLISTER is now being used alongside SocGholish, also known as FakeUpdates. SocGholish is a JavaScript-based downloader that delivers BLISTER, which in turn loads the Mythic framework. Chaining tools in this way shows how threat actors combine several components to get past security controls.
One notable evasion tactic is that BLISTER is embedded inside a legitimate VLC Media Player library. Hiding the malicious code within a trusted application's library is intended to slip past security software and into victim environments; it also means defenders cannot rely on the file name or the application's reputation alone, since the host library presents itself as a legitimate VLC component.
SocGholish and BLISTER have repeatedly been used together in campaigns. BLISTER in particular functions as a second-stage loader for payloads such as Cobalt Strike and LockBit ransomware. This pairing underscores the versatility and adaptability of BLISTER as a tool in the cybercriminal arsenal.
Closer examination also shows that the malware is under active maintenance: its authors keep adding techniques to bypass detection and frustrate analysis.
The researchers emphasised that BLISTER is a versatile loader capable of deploying a range of payloads, including clipbankers, information stealers, trojans, ransomware, and raw shellcode.
This adaptability makes BLISTER a persistent and formidable threat in the cybersecurity landscape.
In sum, the evolving BLISTER loader, used with SocGholish and other tooling, poses a significant threat. Its ability to evade detection and deliver a variety of payloads underscores the need for continued vigilance and layered defences against these emerging threats.