Author Topic: Beware the #SunBurst malware.  (Read 10921 times)

Offline GrDukeMalden

  • Newbie
  • Posts: 33
  • Kudos +3/-1
Beware the #SunBurst malware.
« on: December 20, 2020, 09:29:19 AM »
New malware going around that uses legitimate software to do its damage.

The setup file for the malware is 200MB, so a lot of scanners on VirusTotal don't detect it. The setup installs a DLL through dynamic linking that works like a backdoor.

My advice to SAP users: disable the option in SAP to trust based on digital signature. Not name & thumbprint, just turn that setting "trust based on digital signature" off, and keep SAP in silent mode lockdown when you don't plan on installing anything. When you want to install something, switch to interactive mode and get the second opinion for every setup file.
SandboxiePlus (By Xanasoft)
I fiddle with whitelisting software.

Offline Clem

  • SecureAPlus Helpdesk Engineer
  • Jr. Member
  • Posts: 52
  • Kudos +0/-0
Re: Beware the #SunBurst malware.
« Reply #1 on: December 22, 2020, 01:18:53 PM »
Thank you, GrDukeMalden, for your personal tips to the other users!