A security researchers' report reveals that a recently exposed malware downloader achieves persistence by registering a new local port monitor.
Called DePriMon, after its use of the “Windows Default Print Monitor” name, the malware is complex enough that the researchers consider it a framework.
The threat appears to have been active since at least March 2017 and was spotted in a private company based in Central Europe, as well as on several computers in the Middle East.
The threat actors use a variety of zero-day exploits, including one for the CVE-2014-4148 Windows vulnerability, together with backdoor malware to penetrate a number of government and private institutions.
In a few cases, the same machines were infected with both DePriMon and ColoredLambert malware, which is used by the cyber-espionage group known as Lamberts or Longhorn.
This threat actor has been linked to WikiLeaks’ Vault 7 leak, which comprises exploits and tools supposedly employed by the U.S. Central Intelligence Agency (CIA).
“DePriMon is an unusually advanced downloader whose developers have put extra effort into setting up the architecture and crafting the critical components. As a result, DePriMon is a powerful, flexible and persistent tool designed to download a payload and execute it, and to collect some basic information about the system and its user along the way,” the report concludes.
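The persistence technique described above leaves a trace in the print monitor registry key, so a defender can audit it. The following is an added example, not code from the report, and assumes the standard registry path for print monitors, that a bare Driver value resolves under System32, and that legitimate monitor DLLs carry a valid Microsoft signature (system DLLs are typically catalog-signed, which Get-AuthenticodeSignature validates on current Windows builds).

```powershell
# Added example: enumerate locally registered port monitors and flag
# entries that do not look like built-in Windows monitors.
$monitorsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Monitors'
$system32    = Join-Path $env:SystemRoot 'System32'

Get-ChildItem -Path $monitorsKey | ForEach-Object {
    $name   = $_.PSChildName
    $driver = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Driver
    if (-not $driver) {
        # A monitor key without a Driver value is unusual and worth a look.
        [pscustomobject]@{ Monitor = $name; Driver = $null; Path = $null; Signer = $null; Flag = 'No Driver value' }
        return   # acts as 'continue' inside ForEach-Object
    }

    # Driver is normally a bare DLL name loaded from System32; a full path is itself suspicious.
    $rooted = [IO.Path]::IsPathRooted($driver)
    $path   = if ($rooted) { $driver } else { Join-Path $system32 $driver }
    $flags  = @()
    if ($rooted) { $flags += 'Absolute driver path' }

    $signer = $null
    if (-not (Test-Path -LiteralPath $path)) {
        $flags += 'Driver DLL missing'
    } else {
        # Assumption: built-in monitor DLLs validate as Microsoft-signed (embedded or catalog).
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = $sig.SignerCertificate.Subject
        if ($sig.Status -ne 'Valid')                       { $flags += "Signature $($sig.Status)" }
        elseif ($signer -notmatch 'O=Microsoft Corporation') { $flags += 'Not Microsoft-signed' }
    }

    # A name that imitates a default monitor (such as "Windows Default Print Monitor")
    # is listed alongside the others so the analyst can compare it with the known set.
    [pscustomobject]@{
        Monitor = $name
        Driver  = $driver
        Path    = $path
        Signer  = $signer
        Flag    = ($flags -join '; ')
    }
} | Format-Table -AutoSize
```

Run it in an elevated session and compare the output against a known-good baseline from a clean build; any row with a non-empty Flag column, or a monitor name the baseline does not contain, should be investigated.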