How to Remove FoundCore Malware


FoundCore Malware is a malware family that has been active for some time but was only recently identified. It is used and developed by an Advanced Persistent Threat (APT) group tracked under the alias APT27 (also known as Cycldek or Goblin Panda). The group's campaigns concentrate on the Southeast Asia region, and it has rarely gone after targets in other parts of the world. The FoundCore Malware is not a simple threat: it packs a long list of features that allow the payload to operate as a Remote Access Trojan (RAT), granting the operators full access to the compromised system.

So far, active samples of the FoundCore Malware appear to be concentrated in Vietnam, so it is safe to assume that this is the region the criminals are interested in. The payload may be delivered via cleverly designed spear-phishing emails, which prompt the victim to download and review either an attachment or a file hosted on a third-party site. The targets that the APT27 hackers approached with the FoundCore Malware appear to be involved in the diplomacy, government, education, and healthcare sectors of Vietnam.

The FoundCore Malware is often used as a secondary payload, deployed only after a smaller first-stage component has gained a foothold on the compromised machine. This campaign is no different: the criminals rely on the CoreLoader malware to pave the way for FoundCore's attack.

All of APT27's known malware families, including FoundCore, are identifiable and removable by modern antivirus products. Users who are likely to be threatened by these attacks can ensure their online safety and privacy by investing in regularly updated cybersecurity products.

April 7, 2021
