Security researchers warn that malware developers are adopting a handy obfuscation tool to get malware past antiviruses.
SeroXen Malware Latest
SeroXen is a fileless Remote Access Trojan (RAT) that excels at evading detection by both static and dynamic analysis. SeroXen appeared in late 2022, retailing for $30 per month. It's a variant of the established Quasar RAT, AT&T said.
A batch file obfuscation engine known as BatCloak requires minimal programming skills to use. Among its recent successes is a remote access Trojan dubbed SeroXen, which researchers from multiple firms said resists detection by antivirus and endpoint detection and response tools.
Trend Micro published an analysis of hundreds of infected batch file samples taken from a public repository and concluded that BatCloak shielded 80% of the files from detection by security software.
SeroXen concatenates variables to execute a command, a method malware developers use to keep malicious commands from being detected. It ultimately uses obfuscated PowerShell commands to decrypt and deliver a .NET loader.
BatCloak first came to researchers' attention as the obfuscation engine of Jlaive, an open-source batch file builder that began circulating among hackers in 2022.
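For defenders triaging batch files, the variable-concatenation technique described above can be spotted statically. The following is an added example, not code from the article or the research it cites: a Python sketch that resolves `set` assignments and flags lines built mostly from concatenated `%var%` expansions. The function name, thresholds and sample script are assumptions constructed for illustration.

```python
import re

# Assumed thresholds for this sketch (not from the article or vendor research).
MIN_REFS = 3      # at least this many resolvable %var% expansions on one line
MIN_RATIO = 0.6   # share of the line's characters taken up by those expansions

SET_RE = re.compile(r'^\s*set\s+"?([^=\s"]+)=([^"\r\n]*)"?\s*$', re.IGNORECASE)
EXPAND_RE = re.compile(r'%([^%\s]+)%')

def analyze_batch(text):
    """Return (line_number, ratio, resolved_line) for lines assembled from
    concatenated variables that were defined earlier with `set`."""
    variables, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = SET_RE.match(line)
        if m:
            # Batch variable names are case-insensitive.
            variables[m.group(1).lower()] = m.group(2)
            continue
        known = [r for r in EXPAND_RE.findall(line) if r.lower() in variables]
        if len(known) < MIN_REFS:
            continue
        ratio = sum(len(r) + 2 for r in known) / len(line)
        if ratio >= MIN_RATIO:
            resolved = EXPAND_RE.sub(
                lambda v: variables.get(v.group(1).lower(), v.group(0)), line)
            findings.append((lineno, round(ratio, 2), resolved))
    return findings

# Constructed sample: a harmless command split across variables.
SAMPLE = r'''@echo off
set "kq=ec"
set "zt=ho"
set "pw= hel"
set "vm=lo"
%kq%%zt%%pw%%vm%
echo Build %VERSION% done
'''

if __name__ == "__main__":
    for lineno, ratio, resolved in analyze_batch(SAMPLE):
        print(f"line {lineno}: {ratio:.0%} variable expansion -> {resolved}")
```

The resolved line is what a signature or analyst should inspect; the ordinary `%VERSION%` use on the last sample line is not flagged because it is not built from script-defined fragments.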