Microsoft and VMware are warning of a new rapidly evolving malware campaign.
The campaign formally known as ChromeLoader was first spotted in January 2022. At that time the malware was only used for hijacking the browser of victims and steal information. Overtime the malware evolved and fulfills now different purposes with different versions. The most widely spread versions are Bloom.exe and Energy.exe Lately, some versions are used to download additional malware like the enigma Ransomware or malware for click-fraud. But the most devastating payload are the ZipBombs. ZipBombs are Data compressed into a 42kb Zip-Data, when opened they decompress to an astonishing 40 petabytes and destroy the system with a flood of Data.
The malware is mainly distributed through pirated Software or malicious add campaigns which lead to a download. The mentioned download is an ISO data, a virtual disc. The ISO file is harmless and must be manually activated by a user. If a user is installing the malware, it will compromise the default browser with an addon.
Want to know more about it? Here are two sources for further information:
Cyber Resilience Act
New EU cybersecurity rules ensure safer hardware and software.
Hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of €5.5 trillion by 2021. This mainly happens because of two factors: First, there is a low level of cybersecurity on a lot of products. Additionally, there is a lack of information for the users to help them choose a product with an equivalent amount of security for their needs.
While existing internal market legislation applies to certain products with digital elements, most of the hardware and software products are currently not covered by any EU legislation tackling their cybersecurity. In particular, the current EU legal framework does not address the cybersecurity of non-embedded software, even if cybersecurity attacks increasingly target vulnerabilities in these products, causing significant societal and economic costs.
In order to counteract this development, a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, bolsters cybersecurity rules to ensure more secure hardware and software products. This is achieved by giving more responsibility to the manufacturers, who are obliged to have a framework of cybersecurity requirements governing the planning, design, development and maintenance of products and an obligation to provide security for the whole lifecycle of a product.
Further insights can be gained in these sources:
Is cybersecurity a topic of interest for your company? As an independent entity with a portfolio of proven security providers, CyberCompare can provide you with comparative offers at no charge and with no obligation. Reach out to us or use our diagnostic to learn more about your cyber risk profile.
Please remember: this article is based our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.
And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.