Awareness  ·  Cyber Threat  ·  Malware

Saint Bot Downloader – A New Cyber Threat in Making

By Naimisha 

A comparatively sophisticated new malware downloader has surfaced in recent weeks. Even though it does not yet appear to have been spread extensively, it has started gaining momentum.

The Discovery

Researchers at Malwarebytes recently identified the Saint Bot dropper. Saint Bot has been used as part of the infection chain in targeted campaigns against government organizations in Georgia. So far it has mainly been used to drop information stealers on compromised systems, but it can be used to deliver any malware. Based on the security vendor's findings, it is probable that the new loader is used by several different threat actors, so there are likely other victims too.

Saint Bot drops Taurus

One of the data stealers that Saint Bot has been seen dropping is Taurus. Taurus is a malware tool designed to steal information from auto-fill forms, passwords, cookies, and browser history. Taurus is also equipped to steal system information such as installed software details, configuration details, email client credentials, and credentials for commonly used FTP clients. As stated by Malwarebytes, though Saint Bot is generally observed dropping stealers, the dropper is built to deliver any malware to a compromised system.

What are Malware Droppers?

Malware droppers are specialised tools crafted to install a variety of malware on victim systems. They are normally distributed through phishing and spam emails, hidden on malicious websites, or bundled with infected applications, and are often one link in a wider infection chain. Many have features for evading detection, disabling security tools on an infected system, connecting to command and control servers, and executing malicious commands.

One of the most prominent recent examples of this kind of malware is Sunburst, which was distributed to around 18,000 organizations worldwide through SolarWinds Orion software updates. In that instance, the dropper was specifically crafted to deliver targeted payloads to systems belonging to companies of special interest to the attackers. Typical downloaders, however, are first-stage malware tools crafted to deliver a broad variety of secondary and tertiary commodity payloads, including crypto miners, banking Trojans, ransomware, and other malicious tools.

Some of the most widely used droppers of recent times, such as Trickbot, Dridex, and Emotet, began as banking Trojans. Later their operators switched tactics and used their Trojans as malware-delivery vehicles for other criminals.

How was Saint Bot spotted?

Investigators at Malwarebytes identified Saint Bot while examining a phishing email carrying a zip file with malware they had not seen before. Enclosed in the zip file was an obfuscated PowerShell script that masqueraded as a link to a Bitcoin wallet. According to Malwarebytes, the script started a chain of infections that ultimately resulted in Saint Bot being dropped on the compromised system.

Malwarebytes also identified some politically motivated campaigns where Saint Bot was used as a component of the infection chain. In those campaigns Malwarebytes found malicious documents laced with exploits, frequently accompanied by decoy files. In all the cases, Saint Bot was ultimately used to drop stealers.

How is Saint Bot Used?

Like many other droppers, Saint Bot is equipped with a number of obfuscation and anti-analysis features designed to help it avoid malware detection tools. It is crafted to detect virtual machines and, in some cases, to detect and refuse to execute on systems located in the Commonwealth of Independent States, which includes former Soviet bloc countries such as Armenia, Azerbaijan, Russia, Ukraine, Moldova, and Uzbekistan.

Taurus, the data stealer that the dropper has mainly been distributing, is likewise crafted not to execute in CIS nations. Security professionals generally read such an exclusion as an indication that the malware authors are from that region.

Conclusion

Based on Malwarebytes' findings, even though Saint Bot is not a prolific threat yet, there are indications that the authors of this malware tool are still developing it aggressively. The security vendor also mentioned that its research shows an earlier version of the tool existed not long ago. It further added that new campaigns are appearing across different customers, a sign that the malware author continues to customize the product.
