Saturday, October 16, 2021

Hackers abuses OBS Studio to Spread BIOPASS Malware

Must Read

Chinese hacking group IndigoZebra APT Targets Afghan Government

IndigoZebra APT Targets Afghan Government With fake email and abusing Dropbox API to Mask malicious traffic.On Thursday, Check Point...

Google Project Zero giving The 30-day grace period for user patch adoption

Google Project Zero will be shifting from a fairly hard 90-day deadline to a new model that incorporates a...

Hackers demand ransom after a cyber attack on the laboratory in Antwerp

Hoboken's medical laboratory, Het Algemeen Medisch Laboratorium (AML), was the victim of a cyber attack on Monday. The hackers...

Researchers from Trend Micro revealed a new malware dubbed BIOPASS, that abuses Open Broadcaster Software (OBS) Studio’s live-streaming app to capture the screen of its victims to attackers.

Threat actors behind the new malware planted a malicious JavaScript code on support chat pages of Chinese gambling-related sites to redirect visitors to pages offering the malicious installers.

The attack involves deceiving gaming website visitors into downloading a malware loader camouflaged as a legitimate installer for popular but deprecated apps such as Adobe Flash Player or Microsoft Silverlight, only for the loader to act as a conduit for fetching next-stage payloads.

On Friday Trend Micro researchers published an analysis of the loader revealed that it loads either a Cobalt Strike shellcode or a new Python backdoor tracked by the experts as BIOPASS RAT.

OBS Studio is open-source software for video recording and live streaming, enabling users to stream to Twitch, YouTube, and other platforms.

BIOPASS RAT is a sophisticated type of malware that is implemented as Python scripts, the researchers said. It Has basic features found in common RAT such as file system assessment, remote desktop access, file exfiltration, and shell command execution. The malware is also able to steal private information from web browsers and instant messaging clients installed on the victim’s device.


Besides featuring an array of capabilities that run the typical spyware gamut, BIOPASS is equipped to establish live streaming to a cloud service under the attacker’s control via Real-Time Messaging Protocol (RTMP), in addition to communicating with the command-and-control (C2) server using the Socket.IO protocol.

According to Trend Micro, the BIOPASS RAT could be linked to the Chinese Winnti APT group (aka APT41).

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Unified endpoint management automation software to boost endpoint security

Endpoints are constantly connected to the internet, so they offer a gateway for cyberattacks. Endpoint security is simply the process...

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft also revealed the workings of...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

More Articles Like This