Key takeaways
- A South Asian financial institution was targeted with two custom malware components: a modular backdoor (BRUSHWORM) and a keylogger (BRUSHLOGGER)
- BRUSHWORM features anti-analysis checks, AES-CBC encrypted configuration, scheduled task persistence, modular DLL payload downloading, USB worm propagation, and broad file theft targeting documents, spreadsheets, email archives, and sou...
Analysis of BrushWorm and BrushLogger reveals several patterns of manipulation. The article employs strawmanning by suggesting that users should not trust updates without verifying their authenticity, implying that all software updates could potentially be malicious. Additionally, a forced binary choice is presented in the form of "trust or be vulnerable."
The authors also use emotional exploitation through fear appeals, warning readers about the dangers of these malware programs a...
