Security researchers have uncovered new malware, the BLISTER Malware, whose main function is to install additional malware on the computers it manages to infect. The BLISTER Malware affects Windows computers, where it may use a code-signing certificate to evade a few standard security checks.
Because the code-signing certificate used by the BLISTER Malware developers is genuine, malware experts have concluded that it was misappropriated from a trusted security company and used to get in touch with the digital identity provider Sectigo. The certificate used by the BLISTER Malware is owned by a Russian company named Blist LLC, which indicates that the people behind the BLISTER Malware may be based in Russia.
The first step of the BLISTER Malware after infecting a machine is to decode its deliberately obfuscated code. Then, to evade sandbox analysis, the BLISTER Malware waits ten minutes before executing the next phase of the attack. The BLISTER Malware is very persistent. It achieves this persistence by creating a new entry in the startup directory and dropping its files in the %ProgramData% folder.
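A defender can triage the persistence pattern described above with the following added example, which is not code from the researchers or from the original page. It assumes the "startup directory" means the per-user and all-users Startup folders, and it matches the signer name Blist LLC given on this page; a valid signature is reported but not treated as proof of safety.

```powershell
# Added example: list Startup-folder entries, flag shortcuts that launch
# something from %ProgramData%, and show who signed each target.
$programData = $env:ProgramData.TrimEnd('\') + '\'
$shell = New-Object -ComObject WScript.Shell
# Assumption: both the per-user and the all-users Startup folders are in scope.
$startupDirs = 'Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$report = foreach ($dir in $startupDirs) {
    # Hidden files such as desktop.ini are skipped because -Force is not used.
    foreach ($item in Get-ChildItem -LiteralPath $dir -File) {
        $target = $item.FullName
        $arguments = ''
        $isShortcut = $item.Extension -ieq '.lnk'
        if ($isShortcut) {
            $lnk = $shell.CreateShortcut($item.FullName)
            $target = $lnk.TargetPath
            $arguments = $lnk.Arguments
        }
        # The all-users Startup folder itself sits under %ProgramData%, so
        # only a shortcut's launch command is tested against that path.
        $launch = "$target $arguments"
        $fromProgramData = $isShortcut -and
            $launch.IndexOf($programData, [StringComparison]::OrdinalIgnoreCase) -ge 0

        $status = 'TargetNotFound'
        $signer = $null
        if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $target
            $status = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Entry           = $item.FullName
            Target          = $target
            Arguments       = $arguments
            FromProgramData = $fromProgramData
            SignatureStatus = $status
            Signer          = $signer
            # Signer name taken from this page; a substring match on the subject.
            BlistSigner     = [bool]($signer -like '*Blist LLC*')
        }
    }
}
$report | Sort-Object FromProgramData -Descending | Format-List
```

Entries with `FromProgramData` set to `True` deserve review even when `SignatureStatus` is `Valid`, since the page describes a genuine certificate being used.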
Security researchers have not uncovered the goal of the BLISTER Malware developers. What they do know is that it is apparently being used with utilities and Remote Access Trojans (RATs), and that it attempts to seize control of networks by spreading laterally.
Threats like the BLISTER Malware can cause a lot of harm to an infected computer. This is why it is so important to have a trusted and up-to-date anti-malware tool running 24/7.