New BatLoader malware: continuation of old campaigns or creation of a new virus?

BatLoader is distributed through pirated applications and is similar to Conti and Zloader.

Researchers at VMware Carbon Black have discovered the BatLoader malware, whose operators use the dropper to distribute a banking trojan, an infostealer and Cobalt Strike. The malware is hosted on compromised websites, which victims reach through SEO poisoning.

BatLoader uses PowerShell scripts to gain a foothold on a device and download further malware onto it. This is what made the campaign difficult to detect, especially in its early stages. Experts recorded 43 successful infections in the last 90 days.

Here are some examples of campaign victims:

9 victims are organizations in the business services sector;
7 are financial companies;
5 are manufacturing organizations.

Other victims were organizations in education, retail, IT and health care.

On November 9, eSentire found that the BatLoader operator was luring victims to websites masquerading as download pages for popular business software such as LogMeIn, Zoom, TeamViewer and AnyDesk. The attacker distributed links to these sites through advertisements that appeared prominently in search results when a user searched for one of these programs.

On the site, the user downloads a Windows Installer package that, among other things, profiles the system and uses that information to obtain the second-stage payload.

Notably, BatLoader itself determines whether the target machine is a personal or a corporate computer, and then downloads the type of malware that matches that kind of device.

For example, if BatLoader lands on a personal computer, it downloads the Ursnif banking trojan and the Vidar infostealer. If it ends up on a corporate computer, it downloads Cobalt Strike and the Syncro remote control tool in addition to the banking trojan and infostealer.

VMware Carbon Black said that the BatLoader campaign shares several attack-chain attributes with the Conti group's operations: an IP address and the Atera remote management tool that the Conti group used in its campaigns.

BatLoader also shares several similarities with the Zloader banking trojan, namely the use of SEO poisoning and Windows Installer to establish an initial foothold, and the use of PowerShell scripts and other OS binaries during the attack.
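The attack chain described above (a Windows Installer package that runs PowerShell to profile the host and fetch the next stage) leaves a recognisable parent/child process pattern. The following script is an added defender-side example, not code from the article, VMware Carbon Black or eSentire: it scans constructed Sysmon-style process-creation records and flags a script host spawned by msiexec.exe, raising the severity when the command line carries common download or evasion switches. The field names, the indicator list and the sample events are assumptions made for the example.

```python
"""Flag a BatLoader-style installer-to-script-host process chain.

Added example (not the article's or any vendor's tooling). It looks for a
script interpreter whose parent is Windows Installer, the relationship the
article describes, and grades each finding by command-line indicators.
Event fields follow a simplified Sysmon Event ID 1 layout (an assumption).
"""
import re
from typing import Dict, List, Optional

# Constructed sample events: one suspicious chain, one benign msiexec child,
# one unrelated interactive PowerShell, and the installer launch itself.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"pid": "4412", "image": r"C:\Windows\System32\msiexec.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'msiexec.exe /i "C:\Users\jdoe\Downloads\AnyDesk-setup.msi"'},
    {"pid": "4520", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -w hidden -File "
                r"C:\Users\jdoe\AppData\Local\Temp\stage.ps1"},
    {"pid": "4601", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r"powershell.exe Get-ChildItem C:\Users\jdoe\Documents"},
    {"pid": "4700", "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"cmd.exe /c echo install complete"},
]

# Parent processes that legitimately run installer custom actions.
INSTALLER_HOSTS = {"msiexec.exe"}
# Script interpreters and LOLBins an installer rarely needs to spawn.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "mshta.exe"}
# Command-line fragments commonly seen with staged downloads or hidden execution.
SUSPICIOUS_ARGS = re.compile(
    r"-(?:e|enc|encodedcommand)\b"        # encoded command
    r"|-w(?:indowstyle)?\s+hidden"        # hidden window
    r"|executionpolicy\s+bypass"          # policy bypass
    r"|-nop\b"                            # no profile
    r"|downloadstring|downloadfile"       # WebClient download methods
    r"|invoke-webrequest|\biwr\b"         # web request cmdlet and alias
    r"|net\.webclient",
    re.IGNORECASE,
)


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze_event(event: Dict[str, str]) -> Optional[Dict[str, object]]:
    """Return a finding if an installer spawned a script host, else None."""
    parent = basename(event["parent_image"])
    child = basename(event["image"])
    if parent not in INSTALLER_HOSTS or child not in SCRIPT_HOSTS:
        return None
    hits = sorted({m.group(0).lower()
                   for m in SUSPICIOUS_ARGS.finditer(event["cmdline"])})
    return {
        "pid": event["pid"],
        "parent": parent,
        "child": child,
        # Any download/evasion switch lifts the chain from suspicious to high.
        "severity": "high" if hits else "medium",
        "indicators": hits,
    }


def scan(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Run analyze_event over a batch and keep only the findings."""
    return [f for f in (analyze_event(e) for e in events) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[{finding['severity']}] pid {finding['pid']}: "
              f"{finding['parent']} -> {finding['child']} {finding['indicators']}")
```

On the constructed sample, the PowerShell child of msiexec.exe is reported as high (hidden window plus execution-policy bypass), the cmd.exe child is reported as medium for review, and the interactive PowerShell under explorer.exe is ignored. In a real deployment the medium tier needs tuning against the installers actually used in the environment, since some legitimate packages do run post-install scripts.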

Author: DeepWeb