PureCrypter Malware: A Sophisticated Spyware Campaign
Actor Uses Windows Scheduled Tasks for Persistence
“The actor is running a Windows scheduled task on victim machines, including on endpoints with a low battery, to achieve persistence,” said Talos researchers.
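A defender's way to look for this is to audit the settings of existing scheduled tasks: a task that is allowed to both start and keep running on battery power, and whose action points into a user-writable directory, matches the behaviour described above. The script below is an added example, not code from Talos or from the report; it parses Task Scheduler XML (as exported by `schtasks /query /xml` or found under `C:\Windows\System32\Tasks`), assumes Task Scheduler's documented defaults when a setting element is absent, and uses a constructed pair of sample tasks plus an assumed list of user-writable paths.

```python
"""Audit Task Scheduler XML for tasks that run on battery power from user-writable paths.
The sample tasks at the bottom are constructed for this example, not real indicators."""
import re
import xml.etree.ElementTree as ET

# Namespace of Windows Task Scheduler XML (schtasks /query /tn <name> /xml)
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumption: directories a standard user can write to (extend for your environment)
USER_WRITABLE = re.compile(r"(appdata|\\temp\\|\\users\\public\\|programdata)", re.I)

def _setting(settings, name, default):
    """Read a boolean <Settings> child; an absent element gets the assumed scheduler default."""
    el = None if settings is None else settings.find(f"t:{name}", NS)
    return default if el is None or el.text is None else el.text.strip().lower() == "true"

def audit_task(task_xml):
    """Return the battery and action-path facts a defender wants about one task."""
    root = ET.fromstring(task_xml)
    settings = root.find("t:Settings", NS)
    exec_ = root.find("t:Actions/t:Exec", NS)
    cmd = exec_.findtext("t:Command", default="", namespaces=NS) if exec_ is not None else ""
    args = exec_.findtext("t:Arguments", default="", namespaces=NS) if exec_ is not None else ""
    # Both restrictions default to true (on) when absent, so only explicit "false" values
    # let a task start and keep running on battery.
    runs_on_battery = (not _setting(settings, "DisallowStartIfOnBatteries", True)
                       and not _setting(settings, "StopIfGoingOnBatteries", True))
    return {"command": cmd, "arguments": args, "runs_on_battery": runs_on_battery,
            "user_writable_path": bool(USER_WRITABLE.search(cmd + " " + args))}

def find_suspicious(tasks):
    """tasks: {task_name: xml}. Flag tasks allowed on battery that run from user-writable paths."""
    flagged = []
    for name, xml in tasks.items():
        a = audit_task(xml)
        if a["runs_on_battery"] and a["user_writable_path"]:
            flagged.append(name)
    return sorted(flagged)

_TEMPLATE = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Settings>
    <DisallowStartIfOnBatteries>{start}</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>{stop}</StopIfGoingOnBatteries>
  </Settings>
  <Actions><Exec><Command>{cmd}</Command><Arguments>{args}</Arguments></Exec></Actions>
</Task>"""
SAMPLE_TASKS = {  # constructed: one task with default battery restrictions, one without
    "NightlyBackup": _TEMPLATE.format(start="true", stop="true",
                                      cmd=r"C:\Program Files\Backup\backup.exe", args="/nightly"),
    "UpdateHelper": _TEMPLATE.format(start="false", stop="false",
                                     cmd=r"C:\Users\alice\AppData\Roaming\helper.exe", args=""),
}

if __name__ == "__main__":
    print(find_suspicious(SAMPLE_TASKS))  # ['UpdateHelper']
```

On a live host, feed it the XML of every file under `C:\Windows\System32\Tasks` and review the flagged names against your change records.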
Anti-Detection Techniques Used by the Malware
Additionally, the attacker disconnects the victim’s machine from the network just before delivering the malware and reconnects it once the drop is complete. This is done to avoid detection by cloud-based antivirus programs, which cannot query their reputation services while the host is offline. On top of this, the PureCrypter malware itself performs various anti-debugger, anti-analysis, anti-VM, and anti-malware checks on the victim machine, researchers added.
Language of the Attack
It is important to note that the researchers also found email samples written in English, indicating the campaign’s potential to be used outside of these geographies.
Conclusion
The PureCrypter malware campaign is a sophisticated spyware attack that uses a range of techniques to evade detection and maintain persistence on compromised systems. The actor’s use of Windows scheduled tasks, network disconnection, and anti-detection measures highlights the need for targeted and effective countermeasures to combat this threat.
FAQs
What is the primary goal of the PureCrypter malware campaign? The primary goal of the PureCrypter malware campaign is to gain persistence on compromised systems and evade detection by security software and analysts.
How does the malware achieve persistence? The malware achieves persistence by running a Windows scheduled task on the victim machine, which is designed to be executed regardless of the system’s state (e.g., battery level).
What anti-detection measures does the malware employ? The malware uses a range of anti-detection measures, including network disconnection, anti-debugger, anti-analysis, anti-VM, and anti-malware checks to evade detection.
In what language were the email samples written? Some of the email samples were written in English, indicating the potential for use outside of specific geographies.