Yoroi-Cybaze Experts: An attacker can execute arbitrary code on the target device by taking control of it without authentication. In addition, there is currently no patch.
Yoroi-Cybaze Zlab cyber security experts: It has been designed to hit high-value targets, and probably is still under development. It extensively uses obfuscation and anti-reverse-engineering techniques.
Marco Ramilli, cyber security expert and Yoroi founder: The attacker, pretending to be a customer, sent victims an email containing a Microsoft XLS file, without macros but with hidden malware.
Yoroi-Cybaze ZLab cyber security experts: It’s compiled for Linux. The malware is targeting hundreds of thousands of WordPress-powered websites, and part of them are related to Italy.
Yoroi-Cybaze ZLAB cyber security experts: It doesn’t rely on standard communication interfaces, suggesting an increased level of customization. It leverages Java Instrumentation techniques.
Cybaze-Yoroi ZLAB cyber security experts: The campaign shows the Matryoshka structure of chained SFX archives, typical of APT implants, and the use of a legitimate third-party RAT as payload.
Yoroi-Cybaze cyber security experts: They are “The Broken Doc”, “Hide Payload with Office Developer Mode”, and “Spoofed Signature” or “Certificate Spoofing”.