A newly discovered malware, named PLAYFULGHOST, is causing concern among cybersecurity experts due to its versatile capabilities for data theft and system compromise. According to researchers, this malware employs techniques such as screen and audio capture, keylogging, remote shell access, and file transfer, enabling threat actors to launch further attacks.
PLAYFULGHOST is primarily delivered through phishing emails or SEO poisoning techniques, which distribute trojanized VPN applications. Once executed, it establishes persistence using four methods: the run registry key, scheduled tasks, Windows startup folder, and Windows services. This persistence allows the malware to collect a vast array of data, including keystrokes, screenshots, system metadata, clipboard content, and QQ account details, as well as information on installed security products.
The malware also exhibits advanced functionalities such as deploying additional payloads, blocking mouse or keyboard inputs, clearing event logs, deleting cache and browser profiles, and wiping messaging app data. Notably, it can use Mimikatz, a tool for extracting passwords, and a rootkit to conceal registry entries, files, and processes. PLAYFULGHOST further utilizes Terminator, an open-source utility, to disable security processes via a BYOVD (Bring Your Own Vulnerable Driver) attack.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: