Skip to main content

Stealthy malware shows why you shouldn’t open unknown emails

A new kind of malware was recently discovered that managed to slip past 56 separate antivirus products before finally getting caught.

The malware, when executed, can cause some serious damage to your device — and it seems to be so well made that it might be the product of nation-state actors. Opening an email attachment is all it takes to grant it enough entry to wreak havoc.

Hands on a laptop.
EThamPhoto / Getty Images

Unit 42, a threat intelligence team from Palo Alto, has just published a report on a piece of malware that managed to avoid detection from a massive 56 antivirus products. According to the team, the way the malware was built, packaged, and deployed is very similar to various techniques used by the APT29 threat group, also known under the names of Iron Ritual and Cozy Bear. This group has been attributed to Russia’s Foreign Intelligence Service (SVR), which indicates that the malware in question could be a nation-state affair.

According to Unit 42, the malware was first spotted in May 2022, and it was found hidden within a pretty strange file type — ISO, which is a disk image file used to carry the entire contents of an optical disc. The file comes with a malicious payload that Unit 42 believes was created using a tool called Brute Ratel (BRC4). BRC4 prides itself on being hard to detect, citing the fact that the tool’s authors reverse-engineered antivirus software in order to make the tool even stealthier. Brute Ratel is particularly popular with APT29, adding further weight to the claim that this malware could be linked to the Russia-based Cozy Bear group.

The ISO file pretends to be the curriculum vitae (resume) of someone named Roshan Bandara. Upon arrival in the recipient’s email mailbox, it doesn’t do anything, but when clicked, it mounts as a Windows drive and displays a file called “Roshan-Bandara_CV_Dialog”. At that point, it’s easy to get fooled — the file appears to be a typical Microsoft Word file, but if you click it, it executes cmd.exe and proceeds to install BRC4.

When that’s done, any number of things could happen to your PC — it all depends on the attacker’s intentions.

Unit 42 notes that finding this malware is worrying for a number of reasons. For one, there is a high probability that it is linked to APT29. Aside from the reasons listed above, the ISO file was created on the same day as when a new version of BRC4 was made public. This suggests that state-backed cyber attack actors could be timing their attacks to deploy them at the most opportune times. APT29 has also used malicious ISOs in the past, so everything seems to fall in line.

The near-undetectability is worrying in itself. For malware to be that stealthy takes a lot of work, and it suggests that such attacks could pose a real threat when used by the wrong team of people.

How can you stay safe?

A digital security lock.
zf L / Getty Images

Amidst frequent reports that cyber attacks have been on a massive rise in recent years, one can hope that many users are now more conscious of the dangers of trusting random people and their files all too much. However, sometimes these attacks come from unexpected sources and in various forms. Enormous distributed denial-of-service (DDoS) attacks happen all the time, but these are more of a problem for enterprise users. Sometimes, software that we know and trust can be used as a decoy to fool us into trusting the download. How to stay safe when danger seems to be lurking around every corner?

First of all, it’s important to realize that a lot of these large-scale cyberattacks are made to target organizations — it’s unlikely that individuals would be targetted. However, in this particular case where the malware is hidden within an ISO file that poses as a resume, it could plausibly be opened by people in various HR settings, including those in smaller organizations. Bigger businesses often have more robust IT departments that wouldn’t allow the opening of an unexpected ISO file — but you never know when something might slip through the cracks.

With the above in mind, it’s never a bad idea to follow a very simple rule that many of us still forget at times — never open attachments from unknown recipients. This can be difficult for an HR department that’s actively collecting resumes, but you, as an individual, can implement that rule into your daily life and not miss out on anything. It’s also not a bad idea to pick up one of the best antivirus software options available. However, the greatest security can be gained by simply browsing mindfully and not visiting websites that might not seem too legit as well as being cautious about your emails.

Editors' Recommendations

Monica J. White
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…
Google is shutting down your Chromebook apps, but here’s why you shouldn’t worry
pixelbook go hands on features price photos video release date google hero

The focus of Chromebooks has always been the Chrome web browser. Apps were always an afterthought, and ever since Google introduced the Android Play Store to Chrome OS, users have had three different ways to experience apps on their Chromebooks.

First, there are Chrome Apps, which are specially packaged and run inside the Chrome web browser. These are the ones Google is shutting down, with a final shutdown date set for 2022.

Read more
FedEx drops Amazon U.S. delivery contract. Here’s why you shouldn’t care
what is prime now amazon day packages

FedEx decided to bail on renewing its contract with Amazon for U.S. domestic express deliveries. There's no change in the agreements between the two companies for international services, but FedEx chose to walk away from nearly $850 million in annual revenue.

Whether or not giving up close to a billion dollars of business is right for FedEx, what difference does the delivery company's "strategic decision" mean for your Amazon Prime orders?

Read more
There’s still time to get this HP 17-inch laptop for $260
A woman video chats with her friends on an HP Envy laptop.

Continuing from all the holiday sales excitement, HP still has a HP 17-inch laptop for $240 off bringing the price down to $260. Usually priced at $500, this is one of those laptop deals that's a great option for anyone seeking an inexpensive Windows-based laptop to take to class or similar. We're here to tell you a little more about it before you consider making your purchase. As a previous Cyber Monday deal, expect it to end pretty soon.

Why you should buy the HP 17-inch laptop
The HP 17-inch laptop keeps things simple. It has an AMD Athlon Gold 7220U processor along with 8GB of memory and 128GB of SSD storage. It won't rival the best laptops when it comes to performance, but it's well priced for what it offers. It also offers a hefty advantage for the price -- a 17-inch display. Said display has a HD+ resolution of 1600 x 900 while it also has 250 nits of brightness. While it might not be great for using in bright sunlight, it's a good call if you need more space to juggle your many windows.

Read more