In the new version of the Cerber ransomware, one of today’s most feared ransomware threats, the malware's coders use a new feature called a “malware factory” to create a different version of Cerber every 15 seconds in order to bypass security programs on the client’s side.
The ransomware scene has changed a lot since the malware first appeared. From the beginning until now, no one has been able to create a free decrypter; the coders, meanwhile, are using their time and resources to grow their operations and evolve their malware payload.
Invincea, a security firm in the US, just reported on Cerber’s most recent mode of operation. According to the company, while its analysts were examining a log file of the malware’s latest infection techniques and trying to reproduce the infection chain, they received a Cerber ransomware payload with a different file hash.
Retrying the infection chain after a few moments, the researchers got a third hash, then a fourth hash, and so on. It didn’t take them long to figure out that Cerber’s C&C servers were churning out Cerber binaries with different file hashes every 15 seconds. This is a clear sign of a “malware factory,” an automated malware assembly
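The behaviour the researchers saw when retrying the infection chain, one download location returning a new file hash every few seconds, can itself be used as a detection signal. The sketch below is an added example, not code from Invincea or the original article; the log format, hostnames, digests and thresholds are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample download log (timestamp, URL, digest of the response body).
# Hostnames and digests are placeholders, not real indicators.
SAMPLE_LOG = """\
2016-06-01T10:00:00,http://c2.example/payload.exe,a1a1
2016-06-01T10:00:05,http://c2.example/payload.exe,a1a1
2016-06-01T10:00:16,http://c2.example/payload.exe,b2b2
2016-06-01T10:00:31,http://c2.example/payload.exe,c3c3
2016-06-01T10:00:47,http://c2.example/payload.exe,d4d4
2016-06-01T10:00:00,http://updates.example/tool.exe,e5e5
2016-06-01T10:00:40,http://updates.example/tool.exe,e5e5
2016-06-02T09:00:00,http://updates.example/tool.exe,f6f6
"""


def find_rotating_payloads(log_text, min_hashes=3, max_gap_s=60):
    """Flag URLs that return many distinct hashes in quick succession.

    A blocklist of exact hashes never matches a payload that is rebuilt
    every few seconds, but the rebuild rate is visible in the fetch history.
    """
    fetches = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        ts, url, digest = row
        fetches[url].append((datetime.fromisoformat(ts), digest))

    flagged = {}
    for url, events in fetches.items():
        events.sort()
        # Seconds between consecutive fetches whose content differed.
        gaps = [(t2 - t1).total_seconds()
                for (t1, h1), (t2, h2) in zip(events, events[1:]) if h1 != h2]
        distinct = len({h for _, h in events})
        # An ordinary software update also changes the hash, but rarely
        # several times within a minute, hence both thresholds.
        if distinct >= min_hashes and gaps and min(gaps) <= max_gap_s:
            flagged[url] = {"distinct_hashes": distinct,
                            "fastest_change_s": min(gaps)}
    return flagged


if __name__ == "__main__":
    print(find_rotating_payloads(SAMPLE_LOG))
```

The fastest observed change is only an upper bound on the server's rebuild interval, since it depends on how often the URL was fetched.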