ShellClient Malware Targets Aerospace Industry Since 2018


ShellClient Malware is a newly discovered Remote Access Trojan that has nevertheless been in use for over two years. The criminals behind it are tracked under the alias MalKamak, and this particular campaign focuses on espionage. The threat actors went after major companies and institutions active in Europe, Russia, the United States, and the Middle East. What stands out about ShellClient Malware is that, thanks to its low activity and clever design, it stayed under the radar for over two years before it was finally identified and dissected. Its primary targets appear to have been parts of the Aerospace and Telecommunications industries.

ShellClient Malware Underwent Major Changes in 2 Years

The latest build of the ShellClient Malware dates back to May 2021 – a sure sign that its developers have been regularly releasing updates for their payload. Naturally, all active instances of the malware were automatically updated to the latest available version. Another peculiar thing about this campaign is that the hackers disguised the malware as the legitimate RuntimeBroker.exe process, a genuine Windows component that handles Microsoft Store app permissions.
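A defender's first check against the RuntimeBroker.exe disguise described above is to compare every process carrying that name against where and how the genuine component runs. The following is an added example, not code from the article or the researchers: it runs over constructed process-inventory records, and the expected image path and parent process of the real broker are baseline assumptions for a standard Windows install on C:.

```python
"""Flag processes posing as Windows' RuntimeBroker.exe (added example, not from the article).
Records are constructed to resemble an EDR/Sysmon process-creation export; the genuine
component's path and parent below are baseline assumptions for a standard install on C:."""
from dataclasses import dataclass
from pathlib import PureWindowsPath

LEGIT_IMAGE = PureWindowsPath(r"C:\Windows\System32\RuntimeBroker.exe")
LEGIT_PARENT = "svchost.exe"  # the genuine broker is launched by svchost (DCOM launch)

@dataclass(frozen=True)
class ProcessRecord:
    pid: int
    name: str
    image_path: str
    parent_name: str

def same_windows_path(a: str, b: PureWindowsPath) -> bool:
    """Windows paths are case-insensitive and accept either slash, so normalise first."""
    return str(PureWindowsPath(a)).lower() == str(b).lower()

def masquerade_reasons(rec: ProcessRecord) -> list[str]:
    """Why a process claiming to be RuntimeBroker.exe looks wrong; [] if it checks out."""
    if rec.name.lower() != LEGIT_IMAGE.name.lower():
        return []  # not posing as RuntimeBroker at all
    reasons = []
    if not same_windows_path(rec.image_path, LEGIT_IMAGE):
        reasons.append(f"image path {rec.image_path} is not {LEGIT_IMAGE}")
    if rec.parent_name.lower() != LEGIT_PARENT:
        reasons.append(f"parent {rec.parent_name} is not {LEGIT_PARENT}")
    return reasons

def find_masquerades(records: list[ProcessRecord]) -> dict[int, list[str]]:
    """Map pid -> reasons for every suspicious RuntimeBroker.exe lookalike."""
    return {r.pid: reasons for r in records if (reasons := masquerade_reasons(r))}

# Constructed sample: genuine broker, same broker with odd casing/slashes, a copy dropped
# in a user-writable folder, a right-path/wrong-parent case, and an unrelated process.
SAMPLE = [
    ProcessRecord(1234, "RuntimeBroker.exe", r"C:\Windows\System32\RuntimeBroker.exe", "svchost.exe"),
    ProcessRecord(2345, "runtimebroker.exe", "c:/windows/system32/runtimebroker.exe", "SVCHOST.EXE"),
    ProcessRecord(4321, "RuntimeBroker.exe", r"C:\Users\Public\RuntimeBroker.exe", "explorer.exe"),
    ProcessRecord(5555, "RuntimeBroker.exe", r"C:\Windows\System32\RuntimeBroker.exe", "cmd.exe"),
    ProcessRecord(6666, "notepad.exe", r"C:\Windows\System32\notepad.exe", "explorer.exe"),
]

if __name__ == "__main__":
    for pid, reasons in find_masquerades(SAMPLE).items():
        print(pid, *reasons, sep="\n  ")
```

Path and parent checks are only a triage filter; a name match with a wrong image path or parent is the signal to pull the binary's signature and hash for closer inspection.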

Another notable point about the ShellClient Malware is that its initial variant was much more minimalistic: it functioned as a basic reverse shell that let attackers execute remote commands. Over a two-year period, however, it underwent major changes that turned it into a fully fledged, modular Remote Access Trojan.

Since espionage is this threat's primary focus, its main features involve remote code execution and data exfiltration. As mentioned above, it has an auto-update feature and a modular structure, which lets the operators easily manage the implant.

October 7, 2021