13 December 2019

'Waterbear' Employs API Hooking to Hide Malicious Behavior

securityweek.com

The long-standing Waterbear campaign has returned with new evasion capabilities, employing API hooking techniques to hide its network behavior from security products, Trend Micro reports. Waterbear has been associated with the BlackTech cyberespionage group, which ESET observed earlier this year abusing an ASUS update process to deliver malware. Waterbear is mainly characterized by the use of modular malware and the ability to add functionality remotely. A new Waterbear campaign, Trend Micro’s [...]