Hackers Hide VenomRAT Malware Inside Virtual Hard Disk Image Files

Summary: Cybersecurity researchers at Forcepoint X-Labs have discovered a new malware campaign utilizing VenomRAT, a remote access trojan, delivered via an uncommon method. Instead of typical documents, attackers are sending .vhd files containing a malicious batch script disguised as harmless purchase orders. This innovative approach leverages virtualization techniques to evade detection by security software and facilitate data theft.

Affected: Organizations targeted by phishing attacks

Key points:

  • Cybercriminals use .vhd files to hide VenomRAT, making detection difficult.
  • The malware executes multiple malicious activities, including establishing persistence and modifying Windows registry settings.
  • Users are advised to verify unexpected emails and maintain up-to-date security measures to prevent infection.
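
As an added example (not code from Forcepoint or the source article), here is one way a mail gateway or triage script could flag VHD attachments by content rather than by file name alone, using the `conectix` cookie that opens the 512-byte VHD footer. The sample message, file names and function names are constructed for illustration.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

VHD_COOKIE = b"conectix"   # first 8 bytes of the 512-byte VHD footer
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}

def vhd_disk_type(data: bytes):
    """Return the VHD disk type name if data carries a VHD footer, else None."""
    if len(data) < 512:
        return None
    footer = data[-512:]                      # footer sits at the end of the file
    if not footer.startswith(VHD_COOKIE):
        if not data.startswith(VHD_COOKIE):   # dynamic disks keep a copy at offset 0
            return None
        footer = data[:512]
    (disk_type,) = struct.unpack_from(">I", footer, 60)  # big-endian, offset 60
    return DISK_TYPES.get(disk_type, "unknown")

def flag_vhd_attachments(raw_eml: bytes):
    """List (filename, reason) for attachments that are VHD by content or name."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        body = part.get_payload(decode=True) or b""
        kind = vhd_disk_type(body)
        if kind:
            hits.append((name, f"VHD footer found ({kind} disk)"))
        elif name.lower().endswith(".vhd"):
            hits.append((name, "extension .vhd without a valid footer"))
    return hits

def build_sample_eml() -> bytes:
    """Constructed test message: one fake fixed VHD and one plain text file."""
    footer = bytearray(512)
    footer[0:8] = VHD_COOKIE
    struct.pack_into(">I", footer, 60, 2)     # disk type 2 = fixed
    msg = EmailMessage()
    msg["Subject"] = "Purchase order (constructed sample)"
    msg.set_content("See attached.")
    msg.add_attachment(bytes(1024) + bytes(footer), maintype="application",
                       subtype="octet-stream", filename="PO_sample.img")
    msg.add_attachment("hello", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in flag_vhd_attachments(build_sample_eml()):
        print(name, "->", reason)
```

Flagged messages are candidates for quarantine or manual review; the check does not mount or inspect the disk image's contents.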

Source: https://hackread.com/hackers-hide-venomrat-malware-virtual-hard-disk-files/