Saint Bot

25th April 2021, Kathmandu

With the rapid technological advancement in the cybercrime realm, attackers are coming up with new ways of quickly developing and deploying sophisticated malware. Recently, security researchers identified a new malware dubbed Saint Bot that has made a name for itself in a short time.

Analysts from Malware bytes discovered a new phishing campaign, aimed at delivering a credential stealer and other malware.

  • The malicious emails carry a zip file attachment (bitcoin.zip), luring the victim with a chance of getting access to a Bitcoin wallet while initiating a chain of infection that eventually leads to downloading Saint Bot.
  • The zip file contains a malicious PowerShell script, which tries to download the next stage malicious payloads from the embedded link consisting of several executable files.
  • Current samples of Saint Bot were observed dropping Taurus Stealer or other AutoIt-based stealers, although its design indicates that it is capable of delivering other kinds of malware as well.

Saint Bot is equipped with several techniques that are usually seen only in mature malware code. Advanced techniques such as code obfuscation, process injection, and anti-analysis have been employed across several stages of the infection cycle.

So far, the experts haven’t associated this downloader with any threat group. However, it was suggested that the developers of Saint Bot could have previous experience of designing malware. Will the malware survive or disappear in some time? The malware’s future cannot be ascertained right now as it depends on the actors behind it. Security professionals are advised to keep an eye on this evolving malware and keep a track of its activities.

LEAVE A REPLY

Please enter your comment!
Please enter your name here