BrushaLoader Still Sweeping Up Victims One Year Later (Jul 22, 2019)
Proofpoint researchers have published research on the downloader called “BrushaLoader” and found that malware actors are using this tool in an attempt to be stealthier in their malicious operations. BrushaLoader, which first appeared in June 2018, is distributed via malspam emails containing malicious attachments, typically compressed VBS attachments. Threat actors use the malware to download other payloads onto an infected machine, taking advantage of the fact that BrushaLoader has been relatively effective in previous campaigns.
Recommendation: Malspam is a constant threat used by malicious actors who are consistently changing the themes of the messages to trick unsuspecting recipients. Anti-spam and antivirus applications provided by trusted vendors should be employed, in addition to educating your employees to identify such attempts.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.