"New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks"

Malicious actors are using a legitimate Rust-based injector called Freeze[.]rs to deliver the commodity malware XWorm. The attack chain, discovered by Fortinet FortiGuard Labs on July 13, 2023, begins with a phishing email carrying a malicious PDF file. The same chain has also been used to deliver the Remcos Remote Access Trojan (RAT) by means of SYK Crypter, which Morphisec first documented in May 2022. Cara Lin, a security researcher, noted that the PDF redirects to an HTML file, which in turn uses the 'search-ms' protocol to fetch an LNK file from a remote server. Once the LNK file is clicked, a PowerShell script executes Freeze[.]rs and SYK Crypter to carry out the remaining malicious actions. Freeze[.]rs is an open-source red teaming tool from Optiv that builds payloads designed to bypass security solutions and execute shellcode stealthily. This article continues to discuss the use of Freeze[.]rs by malicious actors in XWorm malware attacks.

THN reports "New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks"
