This new "custom" malware hits your device with specially-designed attacks

News
By published

Sometimes it takes screenshots, and sometimes it steals data

Magnifying glass enlarging the word 'malware' in computer machine code
(Image credit: Shutterstock)

Cybersecurity researchers from Proofpoint have uncovered a brand new, custom-built malware being used by threat actors to deliver a wide variety of specifically tailored stage-two attacks.

These payloads are capable of different things, from espionage to data theft, making the attacks even more dangerous due to their unpredictability. 

The researchers, who dubbed the campaign Screentime, say it is being conducted by a new threat actor labeled TA866. While it’s a possibility that the group is already known to the wider cybersecurity community, no one has yet been able to link it to any existing groups or campaigns.

Protecting your business from the biggest threats online

Protecting your business from the biggest threats online
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?) 

View Deal

Espionage and theft

Proofpoint describes TA866 as an “organized actor able to perform well-thought-out attacks at scale based on their availability of custom tools, ability and connections to purchase tools and services from other vendors, and increasing activity volumes”.

The researchers also suggest that the threat actors might be Russian, as some variable names and comments in parts of their stage-two payloads were written in the Russian language. 

In Screentime, TA866 would send out phishing emails, trying to get victims to download the malicious payload called WasabiSeed. This malware establishes persistence on the target endpoint, and then delivers different stage-two payloads, depending on what the threat actors deem appropriate at the time. 

Read more

> A nasty new infostealer malware is landing in email inboxes

> This infostealer has a vicious sting for Python developers

> Check out the best ID theft protection right now

Sometimes, it would deliver Screenshotter, malware with a self-explanatory name, while other times, it would deliver AHK Bot, an infinite loop component delivering Domain profiler, Stealer loader, and the Rhadamanthys stealer. 

Generally speaking, the group seems to be financially motivated, Proofpoint argues. However, there were instances that led the researchers to believe that the group is also sometimes interested in espionage. It targeted mostly organizations in the United States, and Germany. It’s indiscriminate in terms of verticals - the campaigns affect all industries.

The earliest signs of Screentime campaigns were seen in October 2022, Proofpoint said, adding that the activity continued into 2023, as well. In fact, in late January this year, the researchers observed “tens of thousands of email messages” targeting more than a thousand organizations. 

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
These fake macOS updates are actually just looking to spread malware
Ransomware
Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
Illustration of a laptop with a magnifying glass exposing a beetle on-screen
This devious macOS malware is evading capture by using Apple's own encryption
Hands typing on a keyboard surrounded by security icons
Infostealers on the rise: the latest concern for organizational defenses
Fraud
Hackers are tricking victims into scam-yourself attacks with fake tutorials, CAPTCHAs, and updates
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
More about security
Money

Financial leaders still rely on regular tools like Excel for automation tasks over AI
Half man, half AI.

Generative AI has a long way to go as siloed data and abuse of its capacity remain a downside – but it does change the game for security teams
Poco F6 Pro in white from the back showing its Camera array and branding

For a mid-range handset, the Poco F6 Pro is premium in more ways than one, but I found it hard to ignore some of its key pitfalls
See more latest
Most Popular
BraX3
This obscure brand wants to launch the most privacy-friendly smartphone ever without Google, but with a mysterious open-source OS at its core
HAMR
Seagate reportedly sold two billion GBs worth of storage to two of the world's largest tech companies
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
Oracle
Bluehost owner is moving to Oracle Cloud, so could thousands of websites be about to migrate?
Money
Financial leaders still rely on regular tools like Excel for automation tasks over AI
Two examples of the Asus Fragrance Mouse MD101 sitting on a table
Your next computer mouse could have a fragrance compartment for aromatherapy oils – and this Asus idea is nothing to sniff at
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models