Malware researchers have uncovered a new tool used by the financially-motivated cybercriminal group known as FIN7 to load fresher builds of the Carbanak backdoor.
Dubbed BIOLOAD, the malware loader has a low detection rate and shares similarities with BOOSTWRITE, another loader recently identified to be part of FIN7’s arsenal.
Abusing legitimate Windows methods
The malware relies on a technique called binary planting that abuses a method used by Windows to search for DLLs required to load into a program. An attacker can thus increase privileges on the system or achieve persistence.