Cybercrooks get cozy with BoxedApp to dodge detection

June 4, 2024 at 08:09AM

Malware creators are increasingly using legitimate commercial packers such as BoxedApp to evade detection, and usage has surged over the past year, particularly among remote access trojans and ransomware. BoxedApp's virtualization features make it harder for security products to detect malware packed with it, and the packer itself triggers a high rate of false positives. Check Point Research advises organizations to limit the use of BoxedApp and provides Yara signatures to help detect its abuse.

Based on the meeting notes, the key takeaways are:

1. There has been a significant increase in the abuse of legitimate, commercial packer apps by malware miscreants to evade detection, with BoxedApp being one of the most favored products for this purpose.

2. Malware strains using BoxedApp to evade static analysis include remote access trojans (RATs) such as Agent Tesla, AsyncRAT and QuasarRAT, as well as ransomware variants and infostealers.

3. BoxedApp offers features such as virtual storage, virtual processes, and a virtual registry, which make it harder for anti-malware and endpoint protection systems to detect malware running through the SDK. This has coincided with a spike in malicious BoxedApp samples submitted to VirusTotal.

4. Abuse of the BoxedApp SDK shot up from March 2023 onward, and BoxedApp-packed files tend to generate a high false positive rate when scanned by antivirus solutions.

5. Organizations are advised to limit the use of BoxedApp applications and to consider controls such as code signing of these applications to reduce false positive rates. Check Point Research also provides Yara signatures in its report to help detect the packer and its abuse.

6. The majority of malicious samples packed with BoxedApp were used in attacks against financial institutions and government organizations, with submissions coming from countries including Turkey, the US, and Germany.

7. BoxedApp was approached for comment but did not immediately respond.

These takeaways summarize the discussion and the challenges posed by the abuse of BoxedApp by malware.