New SLUB Backdoor Uses GitHub, Communicates via Slack
released on 2019-03-07 @ 02:41:40 PM
We recently came across a previously unknown malware that piqued our interest in multiple ways. For starters, we discovered it being spread via watering hole attacks, a technique that involves an attacker compromising a website before adding code to it so visitors are redirected to the infecting code. In this case, each visitor is redirected only once. The infection was done by exploiting CVE-2018-8174, a VBScript engine vulnerability that was patched by Microsoft back in May 2018.