"RomCom Malware Resurfaces With SnipBot Variant"

The cyber espionage malware called "RomCom," which targeted the Ukraine military and its supporters last year, has returned with a new variant. It uses valid code-signing certificates to evade detection. Attackers can execute commands and download more malicious files in a multi-stage attack. The variant, dubbed "SnipBot" by researchers at Palo Alto's Unit 42, has been spreading since December. The malware, based on RomCom 3.0., also shares techniques seen in RomCom 4.0, thus making it the fifth version of the original RomCom Remote Access Trojan (RAT) family.

Dark Reading reports "RomCom Malware Resurfaces With SnipBot Variant"

Submitted by grigby1