The TEARDROP Malware is identified as a basic Trojan Dropper, which was used by the cybercriminals behind the recent supply-chain attack linked to the SolarWinds software vendor. This campaign involved the use of a large number of complex malware families, which served a wide range of specific purposes – the TEARDROP Malware, in particular, focuses on deploying an embedded payload while gaining persistence and remaining as silent as possible.
During this campaign, the TEARDROP Malware was commonly used in combination with a cracked copy of the Cobalt Strike BEACON. Cobalt Strike is a legitimate penetration testing toolkit, but it is regularly used by evil-minded cybercriminals who have no intention of using it to help discover and patch vulnerabilities. Another specialty of the TEARDROP Malware is its ability to operate in the computer's memory, leaving a minimal footprint on the hard drive. The only file it stores on infected machines is a maliciously modified JPG image, which may go by random names like gracious_truth or festive_computer. The TEARDROP Malware reads this file at regular intervals to fetch configuration data.
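A defender can triage image files for the kind of tampering described above by checking whether a file that starts with the JPEG magic bytes actually parses as a JPEG and whether anything follows its end-of-image marker. This is an added example, not code from the original page; it assumes the modified file keeps a JPEG-looking header (the page does not say how the image is altered), and the function names and sample bytes are constructed for illustration.

```python
import struct

EOI, SOS = 0xD9, 0xDA
NO_LENGTH = {0x01, *range(0xD0, 0xD8)}  # TEM and RST0-7 carry no length field

def _skip_entropy(data, pos):
    """Advance past scan data to the next real marker (not 0xFF00, not RSTn)."""
    while pos + 1 < len(data):
        if data[pos] == 0xFF and data[pos + 1] not in (0x00, *range(0xD0, 0xD8)):
            return pos
        pos += 1
    return len(data)

def inspect_jpeg(data):
    """Walk JPEG segments; return (well_formed, trailing_bytes, reason)."""
    if data[:2] != b"\xff\xd8":
        return (False, 0, "no SOI marker")
    pos, seen_scan = 2, False
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            return (False, 0, f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
        elif marker == EOI:
            reason = "" if seen_scan else "EOI before any scan data"
            return (seen_scan, len(data) - (pos + 2), reason)
        elif marker in NO_LENGTH:
            pos += 2
        else:
            if pos + 4 > len(data):
                break
            (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
            if length < 2 or pos + 2 + length > len(data):
                return (False, 0, f"segment 0x{marker:02X} overruns file")
            pos += 2 + length
            if marker == SOS:                   # entropy-coded data follows
                seen_scan, pos = True, _skip_entropy(data, pos)
    return (False, 0, "truncated: no EOI marker")

def is_suspicious(data):
    """JPEG magic present, but structure broken or data appended after EOI."""
    ok, trailing, _ = inspect_jpeg(data)
    return data[:2] == b"\xff\xd8" and (not ok or trailing > 0)

# Constructed sample inputs (not real artifacts).
_APP0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
_SOS = b"\xff\xda" + struct.pack(">H", 8) + bytes(6)
CLEAN = b"\xff\xd8" + _APP0 + _SOS + b"\x12\xff\x00\x34" + b"\xff\xd9"
APPENDED = CLEAN + b"constructed-config-blob"
FAKE_HEADER = b"\xff\xd8" + bytes(32)
```

Some legitimate tools also append data after the end-of-image marker, so a hit is a triage signal to combine with other context, such as an image file that a non-imaging process reads at regular intervals, rather than a verdict.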
Malware that operates in fileless mode tends to be more difficult for antivirus software to detect at first, but you can rest assured that threats like the TEARDROP Malware are easily detectable with contemporary antivirus software. The attack against the SolarWinds company is proof that hackers can go to extreme lengths to take advantage of new malware propagation tricks. It also serves as proof that a malicious file can come from legitimate sources – you should never let your guard down when browsing the Web, and you should keep your system protected by reputable antivirus software at all times.