Introducing PEAKLIGHT: Better protection against malicious movie downloads on Windows

August 25, 2024

TLDR:

Key Points:

  • Cybersecurity researchers have uncovered a new dropper known as PEAKLIGHT that targets Windows systems.
  • The dropper is disguised as a movie download and serves as a conduit to launch information stealers and loaders.

Cybersecurity researchers have discovered a new dropper called PEAKLIGHT that is being used in attacks targeting Windows systems. The dropper serves as a mechanism to launch next-stage malware with the goal of infecting systems with information stealers and loaders. The attack begins with a Windows shortcut file disguised as a pirated movie, which connects to a content delivery network hosting an obfuscated JavaScript dropper. This dropper then executes a PowerShell-based downloader script, known as PEAKLIGHT, which retrieves additional payloads from a command-and-control server. The downloader is designed to deliver next-stage malware while simultaneously downloading a legitimate movie trailer as a cover.

The disclosure of this attack comes as Malwarebytes detailed a malvertising campaign using fraudulent Google Search ads to distribute a remote access trojan named SectopRAT.
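The chain described above starts with a shortcut file whose name looks like a video. As an added example (not code from the original article or from the researchers), this Python script triages a folder for that lure by confirming the shell-link header defined in MS-SHLLINK and checking for a media extension hidden in front of `.lnk`. The media-extension list and the sample file names are assumptions constructed for the demo.

```python
import os
import struct
import tempfile

# MS-SHLLINK header: HeaderSize (0x0000004C) followed by the fixed LinkCLSID.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")
MEDIA_EXTS = {".mp4", ".mkv", ".avi", ".mov", ".wmv"}  # assumed list, extend as needed

def is_shell_link(path):
    """True when the file content starts with a valid shell-link header."""
    with open(path, "rb") as fh:
        return fh.read(len(LNK_MAGIC)) == LNK_MAGIC

def classify(path):
    """Return a reason string for a shortcut posing as media, else None."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    inner_ext = os.path.splitext(stem)[1]
    # Explorer never displays the .lnk extension, so "Film.mp4.lnk" is shown
    # to the user as "Film.mp4".
    if ext == ".lnk" and inner_ext in MEDIA_EXTS and is_shell_link(path):
        return "shortcut displayed as a %s file" % inner_ext
    return None

def scan(root):
    """Walk root and map relative path -> reason for every suspicious file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            try:
                reason = classify(full)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if reason:
                findings[os.path.relpath(full, root)] = reason
    return findings

def demo():
    """Build constructed sample files in a temp folder and scan them."""
    samples = {
        "Movie.2024.1080p.mp4.lnk": LNK_MAGIC + b"\x00" * 60,       # the lure
        "Holiday.mp4": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 60,  # real video
        "Notes.lnk": LNK_MAGIC + b"\x00" * 60,                      # plain shortcut
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    for path, reason in sorted(demo().items()):
        print(path + ": " + reason)
```

Point `scan()` at a downloads or extraction directory; only the constructed `.mp4.lnk` sample is reported, while the real video and the ordinary shortcut are ignored.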
