Remove VaporRage Malware


Nobelium, or APT29, is a cybercrime organization believed to operate from Russia. The group gained notoriety at the beginning of 2021 because of its attack against the SolarWinds software vendor. In that campaign, the criminals managed to execute a complex supply-chain attack that went unnoticed for months. Just a few months after the SolarWinds attack was discovered and neutralized, the Nobelium hackers are back with four malware families, which are being delivered to their victims through phishing emails. Surprisingly, the criminals have managed to compromise email addresses owned by the U.S. Agency for International Development – this makes the attack much more dangerous, since victims are likely to assume the emails are legitimate.

Once the phishing email is delivered, the recipient is urged to download a malicious email attachment, which starts a multi-stage attack that involves multiple malware families. The first payload is EnvyScout, followed by BoomBox and NativeZone, and ending with the VaporRage implant.

The VaporRage malware is the last piece of the puzzle. It is designed to stay hidden on the compromised machine and regularly connect to a remote command-and-control server to exchange information and receive code to execute. Instead of relying on remote command execution, the Nobelium hackers have opted to deliver pre-made shellcode that the VaporRage malware then executes. In addition, VaporRage has sometimes dropped a copy of the Cobalt Strike beacon to grant the criminals more control over the compromised system.

Unfortunately, it looks like the recent attack of the Nobelium hackers is still ongoing, and it might expand its reach even more in the next few weeks. Users and companies can stay safe by relying on anti-malware software and following the latest safe Web browsing practices.

June 1, 2021
