Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
techradar.com
- Security researchers at Zscaler found a new loader used in different infostealing campaigns
- CoffeeLoader uses multiple tricks to bypass security and drop additional payloads
- Interestingly enough, it executes the code on the system’s GPU
Security researchers have found a dangerous new malware loader that can evade traditional endpoint detection and response (EDR) solutions in a clever and concerning way.
Researchers from Zscaler ThreatLabz said they recently observed CoffeeLoader in the wild, describing it as a “sophisticated” malware loader.
For detection evasion, CoffeeLoader uses several techniques, including call stack spoofing, sleep obfuscation, and the use of Windows fibers, the researchers said. A call stack can be described as a digital breadcrumb trail that records which functions a program has called to reach its current point. Security tools can use call stacks to track program behavior and detect suspicious activity. CoffeeLoader, however, hides its tracks by forging a fake breadcrumb trail, so that a tool inspecting the stack sees a plausible chain of calls instead of the loader's own code.
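To make the defender's side of this concrete, here is an added example (not code from the article or from Zscaler) of the kind of call-stack sanity check a security tool can run when a thread reaches a sensitive API. It works on a constructed snapshot: a made-up list of loaded modules with invented base addresses, and a list of return addresses captured innermost-first. It flags two things a forged or hijacked stack commonly exposes: a return address that is not backed by any loaded module image, and an outermost frame that is not in the module where a normal Windows thread starts. The module names and addresses, and the assumption that benign threads bottom out in ntdll.dll or kernel32.dll, are assumptions of the example, not facts reported by the article.

```python
"""Toy call-stack audit: flag frames that do not look like a genuine call chain.

Added illustration only. All modules, addresses and stacks below are
constructed sample data, not real process state.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Module:
    """A loaded image: name plus the address range its code occupies."""
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


# Constructed module map (assumed layout, addresses are invented).
MODULES: List[Module] = [
    Module("ntdll.dll", 0x7FF8_0000_0000, 0x20_0000),
    Module("kernel32.dll", 0x7FF8_1000_0000, 0xC_0000),
    Module("app.exe", 0x7FF6_0000_0000, 0x10_0000),
]

# Assumption: a normal user-mode thread's outermost frames live in one of these.
THREAD_START_MODULES = {"ntdll.dll", "kernel32.dll"}


def module_for(addr: int, modules: List[Module]) -> Optional[Module]:
    """Return the module whose image contains addr, or None if unbacked."""
    for mod in modules:
        if mod.contains(addr):
            return mod
    return None


def audit_call_stack(frames: List[int], modules: List[Module]) -> List[str]:
    """Inspect return addresses (innermost first) and return a list of findings.

    An empty list means the stack passed both heuristics:
      1. every return address is inside a loaded module image, and
      2. the outermost frame sits in a thread-start module.
    """
    findings: List[str] = []

    # Heuristic 1: a return address in memory that no image backs means the
    # call did not come from legitimately loaded code.
    for index, ret in enumerate(frames):
        if module_for(ret, modules) is None:
            findings.append(
                f"frame {index}: return address {ret:#x} is not backed by any loaded module"
            )

    # Heuristic 2: a genuine chain unwinds all the way to the thread's entry
    # point; a truncated or fabricated chain often does not.
    outer = module_for(frames[-1], modules) if frames else None
    if outer is None or outer.name not in THREAD_START_MODULES:
        findings.append("outermost frame is not in a thread-start module")

    return findings


# Constructed sample stacks (innermost first).
BENIGN_STACK = [0x7FF6_0000_1234, 0x7FF8_1000_2000, 0x7FF8_0000_3000]
UNBACKED_STACK = [0x7FF8_0000_3000, 0x01C4_0000_1000, 0x7FF8_1000_2000, 0x7FF8_0000_3500]
TRUNCATED_STACK = [0x7FF6_0000_1234]


if __name__ == "__main__":
    for label, stack in (("benign", BENIGN_STACK), ("unbacked", UNBACKED_STACK), ("truncated", TRUNCATED_STACK)):
        print(label, audit_call_stack(stack, MODULES) or "clean")
```

Real tools capture the stack with the operating system's unwinder at the moment a monitored API is entered and compare it against the process's actual module list; the checks above show the shape of the comparison, which is exactly what a forged breadcrumb trail is built to pass.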
Copyright of this story solely belongs to techradar.com.