New Peaklight Dropper Released in Attacks on Windows Through Malicious Movie Downloads

Published:

spot_img

Uncovering a New Dropper: PEAKLIGHT Malware Threat Intelligence – Aug 23, 2024 by Ravie Lakshmanan

In a recent discovery, cybersecurity researchers have identified a new dropper that acts as a pathway to launch advanced malware aimed at infecting Windows systems with information stealers and loaders. The dropper, known as PEAKLIGHT, decrypts and executes a PowerShell-based downloader, facilitating the delivery of malware strains like Lumma Stealer, Hijack Loader, and CryptBot under the malware-as-a-service model.

The attack chain commences with the distribution of Windows shortcut (LNK) files disguised within ZIP archives posing as pirated movies. When users unknowingly download these files through drive-by download methods, a memory-only JavaScript dropper hosted on a content delivery network (CDN) is triggered. This dropper executes the PEAKLIGHT PowerShell downloader script, which then connects to a command-and-control (C2) server to retrieve additional payloads.

The researchers at Mandiant have observed various iterations of the LNK files leveraging wildcards and encoding techniques to discreetly run malicious code retrieved from remote servers. The droppers embed PowerShell payloads encoded in hex or Base64 formats, aiming to deploy PEAKLIGHT for delivering next-stage malware while simultaneously downloading a legitimate movie trailer to mask the malicious activity.

According to Mandiant researchers Aaron Lee and Praveeth D’Souza, PEAKLIGHT operates as an obfuscated PowerShell-based downloader that forms part of a multi-stage execution chain. The researchers caution users to remain vigilant against such threats, especially as Malwarebytes recently disclosed a malvertising campaign utilizing fake Google Search ads for Slack to distribute a remote access trojan named SectopRAT.

This revelation underscores the evolving landscape of cyber threats and the need for enhanced vigilance and security measures to combat such sophisticated attacks. Stay tuned for more updates on cybersecurity developments.

spot_img

Related articles

Recent articles

AI Transitions from Assisting Cyberattacks to Executing Them: Annual Report Reveals Alarming Shift

AI Transitions from Assisting Cyberattacks to Executing Them: Annual Report Reveals Alarming Shift In a significant development for cybersecurity, Check Point Software has released its...

Securonix Appoints Toby Weiss as CEO, Advancing Security Operations Amid Growing Threat Landscape

Securonix Appoints Toby Weiss as CEO, Advancing Security Operations Amid Growing Threat Landscape Securonix has announced the appointment of Toby Weiss as its new Chief...

India’s Largest Cybercrime Conference Approaches: FutureCrime Summit 2026 Scheduled for 6–7 August at Bharat Mandapam

India's Largest Cybercrime Conference Approaches: FutureCrime Summit 2026 Scheduled for 6–7 August at Bharat Mandapam The FutureCrime Summit 2026 is set to take place at...

EU and UK Attribute Cyberattack on Poland to FSB, Strengthen Sanctions Against Russian Entities

EU and UK Attribute Cyberattack on Poland to FSB, Strengthen Sanctions Against Russian Entities A recent cyberattack targeting Poland's critical infrastructure has been officially linked...