Malware Stealing Usernames And Passwords At Alarming Rates - Olmec Skip to main content

Malware Stealing Usernames And Passwords At Alarming Rates

By March 18, 2019May 19th, 2022Cybersecurity

Much discussion has been had about the fact that hackers are becoming increasingly sophisticated, and their methods ever-increasing in their complexity.  While that’s certainly true, more complex isn’t always better.

Take, for example, the malware called Separ, which is a credential-siphoning bit of code, first detected in late 2017.

Separ has benefitted from ongoing development by the hackers controlling it, but what sets it apart from other malware strains is that it’s almost deceptively simple, and that simplicity is a big part of its success.

The program is surprisingly good at evading detection, thanks to clever use of a combination of short scripts and legitimate executable files that are commonly used for completely benign purposes. This allows them to blend in and be utterly overlooked by most detection routines.

The most recent iteration of the software is embedded in a PDF.  When an unsuspecting user clicks to open the file, Separ runs a chain of other apps and file types commonly used by System Admins.  The initial double click runs a simple Visual Basic Script (VBS), which in turn, executes a batch script.

The batch script sets up several directories and copies files to them. Then it launches a second batch script, which opens a decoy image to high command windows, lowers firewall protections, and saves the changes to an ‘ipconfig’ file.

Then, it gets down to its real work, again, relying on completely legitimate executables to collect passwords and move them to the hackers’ command and control server.

According to Guy Propper, (the team lead of Deep Instinct’s Threat Intelligence group):

“Although the attack mechanism used by this malware is very simple, and no attempt has been made by the attacker to evade analysis, the growth in the number of victims claimed by this malware shows that simple attacks can be very effective. The use of scripts and legitimate binaries, in a ‘living off the land’ scenario, means the attacker successfully evades detection, despite the simplicity of the attack.”

Be sure your IT staff aware.  It’s not always the most complex forms of malware that can get you.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.