Network Security, Malware

Novel JellyFish Loader malware emerges


Advanced system data gathering and command-and-control communications capabilities have been integrated into the novel Jellyfish Loader malware, reports The Cyber Express.

Attackers have leveraged a malicious ZIP archive containing a Windows shortcut, which, when executed, opens a clean PDF file and eventually runs Jellyfish Loader, a Cyble Research and Intelligence Labs analysis showed. The .NET-based shellcode loader, which was found to have similarities with Olympic Destroyer, enabled asynchronous operations via AsyncTaskMethodBuilder and used dependencies embedded with Fody and Costura to facilitate the exfiltration of critical system details and the delivery of more malicious payloads without being detected by security systems, according to researchers. Organizations have been urged to protect themselves from the emerging Jellyfish Loader threat by implementing robust antivirus and anti-malware systems, network segmentation, persistent network monitoring, SSL/TLS inspection, and application whitelisting, as well as by strengthening partnerships with other members of the security community.
