- New custom malware loader written in JPHP is wreaking havoc
- The custom payload is difficult to detect using cybersecurity tools
- The malware-loader can deploy custom payloads as required
Trustwave SpiderLabs says it has recently uncovered a new form of malware known as Pronsis Loader, which is already causing trouble due to its unique design and tactics.
Pronsis Loader makes use of JPHP, a lesser-known programming language rarely utilized by cybercriminals, and also employs advanced installation techniques, making it more challenging for cybersecurity systems to detect and mitigate.
JPHP, a variation of the popular PHP language, is rarely seen in the world of malware development. While PHP is commonly used for web applications, its integration into desktop malware development is unusual, giving Pronsis Loader an advantage in avoiding detection.
JPHP – a rare choice in cybercrime
Pronsis Loader can evade signature-based detection systems, which are typically designed to recognize the more common programming languages used in malware. JPHP gives the loader a layer of “stealth”, allowing it to fly under the radar of many security tools.
The malware also uses obfuscation and encryption methods to hide its presence during the initial infection phase. Upon execution, it deploys complex methods to avoid triggering traditional antivirus software and endpoint protection systems. The loader first installs itself silently in the system, disguising its activities by mimicking legitimate processes or applications, making it difficult for both automated security tools and human analysts to spot.
Once installed, Pronsis Loader can download and execute additional malware, including
Read full post on Tech Radar