"MalVirt: Malvertising Attacks Are Distributing .Net Malware Loaders"

Malvertising attacks are being used to spread highly obfuscated virtualized .NET loaders that drop information-stealing malware. According to threat researchers at SentinelOne's SentinelLabs, the loaders, called MalVirt, are implemented in .NET and use virtualization through the KoiVM virtualizing protection solution for .NET applications. The KoiVM tool helps in obscuring the implementation and execution of MalVirt loaders, which are distributing the Formbook information-stealing malware collection as part of an ongoing campaign. Formbook and the more recent XLoader version pose various threats, such as keylogging, screenshot theft, credential theft, and malware staging. This article continues to discuss findings surrounding the MalVirt malvertising campaign. 

The Register reports "MalVirt: Malvertising Attacks Are Distributing .Net Malware Loaders"