2024-10-30 Lunar Spider's Latrodectus JS loader samples - #TA578
The recent surge in Latrodectus malware activity highlights its rapid evolution and sophisticated evasion techniques, demonstrating its emergence as a successor to IcedID. First observed in October 2023, Latrodectus has undergone numerous updates, including advanced encryption methods, sandbox evasion, and the ability to act as a downloader for other malware such as QakBot and DarkGate. Notably, Latrodectus is employed by the threat actors TA577, TA578, and LUNAR SPIDER, with distribution via phishing campaigns, malvertising, and SEO poisoning. It leverages tools such as Brute Ratel C4 to bypass endpoint detection and response (EDR) solutions and employs deceptive methods to appear as legitimate software. The malware's persistence and its communication with command-and-control servers underline the need for robust cybersecurity measures, including multi-layered defenses and continuous updates to security tools, to mitigate the risk posed by this evolving threat.