Friday, July 23, 2021

Hackers abuse OBS Studio to Spread BIOPASS Malware


Researchers from Trend Micro have revealed a new malware family, dubbed BIOPASS, that abuses the Open Broadcaster Software (OBS) Studio live-streaming application to stream its victims' screens to the attackers.

The threat actors behind the malware planted malicious JavaScript code on the support chat pages of Chinese gambling-related sites to redirect visitors to pages offering the malicious installers.

The attack deceives visitors to these sites into downloading a malware loader camouflaged as a legitimate installer for popular but deprecated software such as Adobe Flash Player or Microsoft Silverlight. The loader then acts as a conduit for fetching the next-stage payloads.

On Friday, Trend Micro researchers published an analysis of the loader showing that it delivers either Cobalt Strike shellcode or a new Python backdoor the researchers track as BIOPASS RAT.

OBS Studio is open-source software for video recording and live streaming, enabling users to stream to Twitch, YouTube, and other platforms.

BIOPASS RAT is a sophisticated piece of malware implemented as Python scripts, the researchers said. It has the basic features found in common RATs, such as file system access, remote desktop access, file exfiltration, and shell command execution. The malware is also able to steal private information from web browsers and instant messaging clients installed on the victim's device.

BIOPASS Malware

Besides an array of capabilities that run the typical spyware gamut, BIOPASS can live-stream the victim's screen to a cloud service under the attacker's control via the Real-Time Messaging Protocol (RTMP), while communicating with its command-and-control (C2) server over the Socket.IO protocol.
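Because the streaming channel rides on a legitimate protocol and a legitimate application, one practical hunt is to look for RTMP connections (default TCP port 1935) from OBS or its encoder binaries to destinations that are not known streaming ingest hosts. The script below is an added example for this article, not code from Trend Micro or the OBS project; the log format, the allowlist of ingest domains, the process names in STREAMING_IMAGES and the sample events are all constructed assumptions for illustration.

```python
"""Hunt for RTMP streaming to endpoints that are not known streaming services.

Added example; not Trend Micro's analysis tooling or OBS code.
Assumptions (constructed):
  - log lines are JSON network-connection events in a Sysmon-like shape
    with the fields image, dest_host, dest_ip, dest_port
  - ALLOWED_INGEST_DOMAINS lists services users are expected to stream to
"""
import json
from typing import Dict, Iterable, List, Optional

RTMP_PORT = 1935  # default TCP port for RTMP

# Hypothetical allowlist; extend for your environment.
ALLOWED_INGEST_DOMAINS = ("twitch.tv", "youtube.com")

# obs64.exe/obs32.exe are OBS Studio's Windows binaries; ffmpeg.exe is the
# encoder a streaming toolchain may invoke. Assumed list, adjust as needed.
STREAMING_IMAGES = ("obs64.exe", "obs32.exe", "ffmpeg.exe")

# Constructed sample events (203.0.113.10 and example.net are documentation
# addresses, not real infrastructure). Line 6 is deliberately malformed.
SAMPLE_LOG = r"""
{"image": "C:\\Program Files\\obs-studio\\bin\\64bit\\obs64.exe", "dest_host": "live.twitch.tv", "dest_ip": "192.0.2.1", "dest_port": 1935}
{"image": "C:\\Program Files\\obs-studio\\bin\\64bit\\obs64.exe", "dest_host": "", "dest_ip": "203.0.113.10", "dest_port": 1935}
{"image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "dest_host": "www.example.com", "dest_ip": "192.0.2.2", "dest_port": 443}
{"image": "C:\\Users\\Public\\ffmpeg.exe", "dest_host": "stream.example.net", "dest_ip": "203.0.113.20", "dest_port": "1935"}
{"image": "C:\\Program Files\\obs-studio\\bin\\64bit\\obs64.exe", "dest_host": "a.rtmp.youtube.com", "dest_ip": "192.0.2.3", "dest_port": 1935}
this line is not json
"""


def host_is_allowed(host: Optional[str]) -> bool:
    """True only for a hostname under an allowlisted domain.

    A bare IP or missing hostname is treated as unknown (not allowed), since
    an attacker-controlled ingest server may never be resolved by name.
    """
    if not host:
        return False
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ALLOWED_INGEST_DOMAINS)


def parse_event(line: str) -> Optional[Dict]:
    """Parse one JSON event; return None for blank, malformed or portless lines."""
    line = line.strip()
    if not line:
        return None
    try:
        ev = json.loads(line)
        ev["dest_port"] = int(ev.get("dest_port", 0))  # port may arrive as a string
    except (ValueError, TypeError):
        return None
    return ev


def find_suspicious_streams(lines: Iterable[str]) -> List[Dict]:
    """Return RTMP connections whose destination is not an allowlisted ingest host."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["dest_port"] != RTMP_PORT:
            continue
        if host_is_allowed(ev.get("dest_host")):
            continue
        image = (ev.get("image") or "").lower().rsplit("\\", 1)[-1]
        findings.append({
            "image": image,
            "known_streamer": image in STREAMING_IMAGES,
            "dest": ev.get("dest_host") or ev.get("dest_ip"),
            "dest_port": ev["dest_port"],
            "reason": "RTMP to non-allowlisted endpoint",
        })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_streams(SAMPLE_LOG.splitlines()):
        print(f)
```

Run against the constructed sample, the script flags the obs64.exe connection to a bare IP and the ffmpeg.exe connection to stream.example.net, while the Twitch and YouTube streams and the HTTPS browser traffic are ignored. In practice, feed it real Sysmon Event ID 3 or firewall logs, and treat RTMP from a process that is not in STREAMING_IMAGES as at least as interesting as RTMP from OBS itself.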

According to Trend Micro, the BIOPASS RAT could be linked to the Chinese Winnti APT group (aka APT41).

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

