A new cyber threat group known as BatShadow has emerged, targeting job seekers and digital marketing professionals with a novel malicious software dubbed Vampire Bot. This group, believed to be operating from Vietnam, employs social engineering tactics that deceive individuals into downloading harmful files disguised as legitimate job descriptions and corporate documents.
According to researchers from Aryaka Threat Research Labs, the campaign involves attackers impersonating recruiters who distribute ZIP archives containing decoy PDF documents alongside malicious executables masked as PDFs. When an unsuspecting victim opens the disguised file, it starts a chain of events that infects the system with Go-based malware.
The infection process begins when a malicious shortcut file launches a PowerShell script. This script reaches out to an external server to download a PDF document describing a marketing job at Marriott. It also retrieves a ZIP file containing XtraViewer, a remote desktop tool, which gives the attackers persistent access to the compromised device.
Victims who click on the lure PDF are directed to a deceptive landing page that falsely claims their browser is unsupported and guides them to use Microsoft Edge for the download. This step relies on Edge-specific browser behaviour that can sidestep standard download protections, so the infection proceeds under the guise of a legitimate user action.
Should the victims follow the prompted steps in Edge, they encounter yet another layer of deception: an error message claiming that the PDF viewer is down and that the file will be downloaded automatically instead. The file that arrives is a malicious executable named to look like a PDF.
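The lure described above depends on three tricks a mail gateway or endpoint scanner can check for mechanically: an executable carrying a document-style name, a Windows shortcut shipped inside an archive, and name-spoofing tricks such as double extensions or right-to-left override characters. The following scanner is an added example written for this article, not code from Aryaka Threat Research Labs or from the article itself; the archive it inspects and every member name in it are constructed for illustration and do not reproduce any real sample.

```python
import io
import zipfile

# Magic bytes used to tell real document types from executables.
PE_MAGIC = b"MZ"          # Windows executable (.exe, .dll, .scr)
PDF_MAGIC = b"%PDF"       # Portable Document Format
LNK_MAGIC = b"\x4c\x00\x00\x00\x01\x14\x02\x00"  # Windows shortcut (.lnk) header

DOCUMENT_EXTS = (".pdf", ".doc", ".docx", ".txt")
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".bat", ".cmd", ".ps1", ".lnk")


def classify_member(name: str, data: bytes) -> list[str]:
    """Return the reasons a ZIP member looks like a lure, or [] if it looks benign."""
    lower = name.lower()
    reasons = []
    # 1. Double extension: "report.pdf.exe" is meant to display as a PDF.
    parts = lower.rsplit("/", 1)[-1].split(".")
    if len(parts) >= 3 and ("." + parts[-2]) in DOCUMENT_EXTS and ("." + parts[-1]) in EXECUTABLE_EXTS:
        reasons.append("double extension disguising executable as document")
    # 2. Content is a PE executable, whatever the name claims.
    if data.startswith(PE_MAGIC):
        reasons.append("PE executable content")
    # 3. Windows shortcut inside the archive (the stage-one launcher in the chain above).
    if lower.endswith(".lnk") or data.startswith(LNK_MAGIC):
        reasons.append("shortcut file in archive")
    # 4. Unicode tricks: a right-to-left override or trailing spaces hide the true extension.
    if "\u202e" in name or name != name.rstrip():
        reasons.append("name uses RTL override or trailing whitespace")
    return reasons


def scan_zip(zip_bytes: bytes) -> dict[str, list[str]]:
    """Scan every member; return {member_name: [reasons]} for suspicious members only."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(16)  # magic bytes are enough; do not load large members
            reasons = classify_member(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_archive() -> bytes:
    """Constructed archive mirroring the reported lure layout (not a real sample):
    a decoy PDF, a PE named to look like a PDF, and a shortcut file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Job_Description.pdf", b"%PDF-1.7\n%decoy\n")
        zf.writestr("Marketing_Role_Details.pdf.exe", b"MZ" + b"\x00" * 14)
        zf.writestr("Open_Me.lnk", LNK_MAGIC + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in scan_zip(build_sample_archive()).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The scan reads only the first 16 bytes of each member, so it stays cheap on large archives, and it flags on content as well as name: a file called `invoice.pdf` whose bytes begin with `MZ` is reported even though its extension is innocent.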
Vampire Bot, the resulting malware, can profile the infected system, exfiltrate sensitive information, take screenshots, and communicate with an attacker-managed server to execute commands and download additional payloads.
Previous investigations have linked BatShadow to ongoing cyber campaigns tied to various Vietnamese threat actors, known for taking advantage of job seekers and marketers through similar tactics employing socially engineered documents and stealthy malware deliveries. Researchers have noted that this group continues to escalate its efforts, utilizing sophisticated methods to entrap the unwary.