TLDR:
Key Points:
- Cybersecurity researchers have uncovered a new dropper known as PEAKLIGHT that targets Windows systems.
- The dropper is disguised as a movie download and serves as a conduit to launch information stealers and loaders.

Cybersecurity researchers have discovered a new dropper called PEAKLIGHT that is being used in attacks targeting Windows systems. The dropper serves as a mechanism to launch next-stage malware with the goal of infecting systems with information stealers and loaders. The attack begins with a Windows shortcut file disguised as a pirated movie, which connects to a content delivery network hosting an obfuscated JavaScript dropper. This dropper then executes a PowerShell-based downloader script, known as PEAKLIGHT, which retrieves additional payloads from a command-and-control server. The downloader is designed to deliver next-stage malware while simultaneously downloading a legitimate movie trailer as a cover.

The disclosure of this attack comes as Malwarebytes detailed a malvertising campaign using fraudulent Google Search ads to distribute a remote access trojan named SectopRAT.