Remove BoomBox Malware

The BoomBox Malware is a custom implant developed by the hackers of Nobelium, an Advanced Persistent Threat (APT) group, which recently made the news because of their attacks against SolarWinds. The BoomBox Malware appears to be part of a new campaign, which is carried out via fake phishing emails sent out by legitimate addresses that the hackers have compromised successfully. Somehow, they have managed to access email addresses used by the U.S. Agency for International Development. This makes the phishing attack much more dangerous since victims might think that they have received the message from a legitimate organization.

The BoomBox Malware is typically delivered right after the criminals have used the EnvyScout implant to obtain the victim's Windows password. BoomBox is usually found inside an ISO image file, which then delivers additional implants that are fetched from the DropBox cloud service. Naturally, DropBox tends to sanitize their files and remove malicious content, but the criminals are automatically uploading the files to new accounts whenever the old ones get taken down.

Apart from fetching encrypted malware, the BoomBox Malware will also collect basic information about the compromised system and then transfer it to the server of the attackers. Typically, the obtained data is used to analyze the purpose and importance of the compromised system and determine how the attackers should proceed with the attack.

While the BoomBox Malware may be the product of highly skilled malware developers, it can still be stopped with the use of an up-to-date security tool.

June 1, 2021