Attackers Distribute Malware via Freeze.rs And SYK Crypter

09-Aug-23

According to FortiGuard Labs, Rust, one of the fastest-growing programming languages, was used to build a new injector that injects shellcode and drops XWorm into a victim's environment. Although Rust is still uncommon in malware development, several families, notably the Buer loader, Hive, and RansomExx, have used it since 2019.

FortiGuard Labs telemetry also showed a sharp rise in injector activity in May 2023. To evade antivirus detection, the shellcode can be Base64-encoded and protected with encryption or compression algorithms such as AES, RC4, or LZMA. By examining the encoding algorithms and API names, we traced this new injector to the red-team tool “Freeze.rs,” which was created to generate payloads that bypass EDR security controls.
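The paragraph above describes payloads hidden as Base64-encoded, encrypted or compressed blobs. A simple triage check an analyst can run over a suspicious file is to locate long Base64 runs, decode them, and measure the Shannon entropy of the decoded bytes: plaintext decodes to low entropy, while AES/RC4-encrypted or LZMA-compressed shellcode decodes to near-random bytes. The script below is an added example for this writeup, not code from FortiGuard Labs, Freeze.rs, or the XWorm sample; the 7.0 bits-per-byte threshold, the minimum run length, and the embedded sample data are all constructed assumptions.

```python
import base64
import hashlib
import math
import re
from collections import Counter

# Assumed minimum length for a Base64 run worth decoding (constructed value).
MIN_B64_LEN = 64
# Runs of Base64 alphabet characters, optionally followed by padding.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{%d,}={0,2}" % MIN_B64_LEN)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum (uniformly random bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def find_suspicious_blobs(sample: bytes, threshold: float = 7.0) -> list:
    """Return one record per Base64 run whose decoded bytes look encrypted
    or compressed (entropy above `threshold`, an assumed cut-off).
    """
    hits = []
    for m in B64_RUN.finditer(sample):
        run = m.group(0)
        try:
            decoded = base64.b64decode(run, validate=True)
        except ValueError:  # binascii.Error is a ValueError: bad padding/length
            continue
        entropy = shannon_entropy(decoded)
        if entropy >= threshold:
            hits.append({
                "offset": m.start(),
                "encoded_len": len(run),
                "decoded_len": len(decoded),
                "entropy": round(entropy, 3),
            })
    return hits


def _constructed_random_bytes(n: int, seed: bytes = b"constructed-seed") -> bytes:
    """Deterministic high-entropy bytes made by chaining SHA-256; this stands
    in for an encrypted payload so the example runs offline and repeatably."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed sample "file": a short Base64 token (ignored, below MIN_B64_LEN),
# a Base64-encoded plaintext string (decodes to low entropy), and a Base64
# blob of pseudo-random bytes (decodes to high entropy, flagged).
SAMPLE = (
    b"<script>var cfg = 'Y29uZmlnPXRydWU=';</script>\n"
    + b"// plain config: "
    + base64.b64encode(b"hello world, nothing to see here. " * 8)
    + b"\n"
    + b'payload = "' + base64.b64encode(_constructed_random_bytes(512)) + b'"\n'
)


if __name__ == "__main__":
    for hit in find_suspicious_blobs(SAMPLE):
        print("suspicious Base64 blob at offset %d: %d decoded bytes, entropy %.3f"
              % (hit["offset"], hit["decoded_len"], hit["entropy"]))
```

Running the script reports only the random blob; the Base64-encoded English text decodes to roughly 3.5 bits per byte and stays below the cut-off. Treat the result as a triage signal rather than a verdict: legitimate compressed or encrypted assets (images, archives, certificates) also decode to high entropy, so the hits still need manual review or correlation with the API names and loader behaviour the article describes.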
