"Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks"

Using a malicious Self-Extracting Archive (SFX) file, an unknown threat actor attempted to establish persistent backdoor access to a victim's environment, according to new CrowdStrike findings. SFX files can extract the data within them without the need for dedicated software to display the file contents; they do this by including a decompressor stub, a piece of executable code used to unpack the archive. However, SFX files may also carry hidden malicious functionality that is not apparent to the file's recipient and could be overlooked by technology-based detections, according to CrowdStrike researcher Jai Minton. In the incident investigated by the cybersecurity firm, compromised credentials were used to run a legitimate Windows accessibility application called Utility Manager and then a password-protected SFX file. This article continues to discuss the use of malicious SFX files to establish persistent backdoor access to a victim's environment.
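Because an SFX file is an executable stub with the compressed archive appended after the PE's last section (the "overlay"), one cheap triage check a defender can run over inbound executables is to locate the overlay and look for a well-known archive signature there. The script below is an added example for this summary and is not code from CrowdStrike or THN; it assumes the common SFX layout (stub plus appended archive) and uses the public RAR, 7-Zip and ZIP magic bytes. The sample file it scans is constructed in `build_fake_pe` and is not a real executable.

```python
import struct

# Magic bytes of the archive formats most often wrapped by SFX stubs.
ARCHIVE_SIGNATURES = {
    b"Rar!\x1a\x07\x00": "RAR4",
    b"Rar!\x1a\x07\x01\x00": "RAR5",
    b"7z\xbc\xaf\x27\x1c": "7-Zip",
    b"PK\x03\x04": "ZIP",
}


def pe_overlay_offset(data):
    """Return the offset where data appended after the last PE section begins,
    or None if the input does not parse as a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    coff = e_lfanew + 4                                   # COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    sec_table = coff + 20 + size_opt                      # section headers follow the optional header
    end = sec_table + num_sections * 40
    for i in range(num_sections):
        off = sec_table + i * 40
        if off + 40 > len(data):
            return None
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        end = max(end, raw_ptr + raw_size)                # furthest byte covered by a section
    return end


def find_embedded_archives(data):
    """Return sorted (offset, format) pairs for archive signatures found in the overlay."""
    start = pe_overlay_offset(data)
    if start is None:
        return []
    hits = []
    for sig, kind in ARCHIVE_SIGNATURES.items():
        pos = data.find(sig, start)
        if pos != -1:
            hits.append((pos, kind))
    return sorted(hits)


def scan_path(path):
    """Convenience wrapper for scanning a file on disk."""
    with open(path, "rb") as fh:
        return find_embedded_archives(fh.read())


def build_fake_pe(overlay):
    """Constructed test input: a minimal PE-shaped byte string with one section
    (NOT a runnable executable) and the given bytes appended as overlay."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x0102)  # 1 section, no optional header
    section = b".text".ljust(8, b"\x00") + struct.pack(
        "<IIIIIIHHI", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\x00\x00" + coff + section).ljust(0x200, b"\x00")
    stub_code = b"\x90" * 0x200                           # stand-in for the decompressor stub
    return headers + stub_code + overlay


if __name__ == "__main__":
    sample = build_fake_pe(b"Rar!\x1a\x07\x01\x00" + b"\x00" * 32)
    for offset, kind in find_embedded_archives(sample):
        print(f"{kind} archive appended at offset 0x{offset:x}: likely SFX, review before execution")
```

A hit is a triage signal rather than a verdict: legitimate installers are also SFX files, so the useful follow-up is to inspect what the stub is configured to run after extraction and whether the archive is password-protected, as in the incident described above.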

THN reports "Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks"

Submitted by Anonymous on