"New BLISTER Malware Update Fueling Stealthy Network Infiltration"
Threat actors are using an updated version of a malware loader known as BLISTER in SocGholish infection chains to distribute an open-source command-and-control (C2) framework called Mythic. According to Elastic Security Labs researchers, the new BLISTER update includes a keying feature that enables precise targeting of victim networks and reduces exposure within Virtual Machine (VM)/sandbox environments. In December 2021, Elastic discovered BLISTER serving as a conduit for distributing Cobalt Strike and BitRAT payloads on compromised systems. In July 2023, Palo Alto Networks Unit 42 disclosed the use of the malware alongside SocGholish, also known as FakeUpdates, a JavaScript-based downloader malware, to deliver Mythic. In these attacks, BLISTER is embedded within a legitimate VLC Media Player library in an attempt to bypass security software and infiltrate victim environments. This article continues to discuss findings regarding the new BLISTER malware update.
THN reports "New BLISTER Malware Update Fueling Stealthy Network Infiltration"