Devices and operating systems change over time, and as they do, some of the malware floating around the web becomes obsolete, unable to infiltrate new defenses or drop their payloads on more complex machines. Thus, every few years, malware creators need to make a decision: allow outdated malware to die or update it for the next generation?
Just as movie studios seem eager to revamp old franchises for young audiences, malware authors like to revitalize outdated malware for new devices. Yet, instead of an emotional female Jedi or a spunky, caffeine-addled Pikachu, device users have to be wary of StarsLord, a powerful loader-type malware that is the latest remake to pose a threat.
What Is StarsLord?
Before we can tackle StarsLord’s unique properties, it is important to grasp the category of malware that this attack falls into. Loader-type malware is the aircraft carrier of malicious applications: while it can have weapons built in, it more often houses the other vehicles used for the attack.
In other words, loaders are designed to sneak onto a target device and then deploy all sorts of other malicious executables, usually sourced from an attacker-controlled server. Loaders are sometimes described as remote-access Trojans because they rarely seem dangerous to legitimate users, yet they give attackers control over a compromised device — which is what brings us back to StarsLord.
StarsLord, also called StarsLoad and sLoad for short, is a PowerShell-based Trojan, meaning it co-opts Windows’s PowerShell interface, which automates critical computing tasks and assists in configuration management.
Essentially, PowerShell is a powerful administrative tool for a device, and an attacker who controls it can do what they like — but this isn’t a particularly new feature for malware. In fact, in its attack chain, StarsLord isn’t that different from its predecessors: It installs itself on a system, connects to its remote server and downloads additional malware. What is revolutionary is how StarsLord avoids getting caught.
StarsLord takes advantage of another legitimate Windows component, called Background Intelligent Transfer Service (BITS), to transfer the malicious files in the background, without running any visible applications. Plus, StarsLord downloads its PowerShell script using a Windows Script File and a .jpg extension. Thus, some antivirus services struggle to identify the malware as a threat.
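Both evasion tricks described above leave traces a defender can check for: a BITS job created by a script host rather than by Windows Update or a browser, and a file named like an image whose bytes are not an image. The following Python is an added illustration of those two checks, not code from the article or from the StarsLord/sLoad sample. The record format it parses is a simplified, constructed one and is an assumption, not the real BITS-Client event schema; the sample records and file contents are likewise constructed.

```python
"""Flag suspicious BITS transfer records and image files whose bytes are
not an image. Added example; the record layout below is an assumption
(simplified, constructed), not the real Microsoft-Windows-Bits-Client schema."""
import re
from typing import Dict, List, Tuple

# Constructed sample records, one transfer job per line.
# Fields: job name, process that created the job, remote URL, local path.
SAMPLE_BITS_RECORDS = [
    "job=WindowsUpdate owner=svchost.exe url=https://update.example/pkg.cab local=C:\\Windows\\SoftwareDistribution\\pkg.cab",
    "job=Upd owner=powershell.exe url=https://203.0.113.10/img/view.jpg local=C:\\Users\\Public\\view.jpg",
    "job=edge_dl owner=msedge.exe url=https://example.org/report.pdf local=C:\\Users\\alice\\Downloads\\report.pdf",
]

# Constructed file contents: a WSF disguised as .jpg, and a real JPEG header.
SAMPLE_FILES = {
    "view.jpg": b'<?xml version="1.0"?><job id="run"><script language="JScript">// placeholder</script></job>',
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00",
}

RECORD_RE = re.compile(r"job=(?P<job>\S+) owner=(?P<owner>\S+) url=(?P<url>\S+) local=(?P<local>.+)")
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
WRITABLE_STAGING = ("c:\\users\\public\\", "\\appdata\\", "c:\\programdata\\", "\\temp\\")
JPEG_MAGIC = b"\xff\xd8\xff"
SCRIPT_MARKERS = (b"<?xml", b"<job", b"<script", b"powershell", b"start-bitstransfer", b"invoke-expression")


def parse_record(line: str) -> Dict[str, str]:
    """Split one constructed record into its named fields."""
    m = RECORD_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable record: {line!r}")
    return m.groupdict()


def score_record(rec: Dict[str, str]) -> List[str]:
    """Return the reasons a BITS job looks suspicious (empty list = benign)."""
    reasons = []
    if rec["owner"].lower() in SCRIPT_HOSTS:
        reasons.append("job created by a script host")
    if re.match(r"https?://\d{1,3}(\.\d{1,3}){3}/", rec["url"]):
        reasons.append("remote URL uses a bare IP address")
    if any(p in rec["local"].lower() for p in WRITABLE_STAGING):
        reasons.append("local path is a user-writable staging directory")
    return reasons


def is_disguised_script(filename: str, data: bytes) -> bool:
    """True when a .jpg/.jpeg file lacks JPEG magic and its head reads like
    WSF or PowerShell text; the extension alone is not trusted."""
    if not filename.lower().endswith((".jpg", ".jpeg")):
        return False
    if data.startswith(JPEG_MAGIC):
        return False
    head = data[:512].lower()
    return any(marker in head for marker in SCRIPT_MARKERS)


def triage(records: List[str], files: Dict[str, bytes]) -> List[Tuple[str, List[str]]]:
    """Run both checks and collect (name, reasons) pairs worth an analyst's look."""
    findings = []
    for line in records:
        rec = parse_record(line)
        reasons = score_record(rec)
        if reasons:
            findings.append((rec["job"], reasons))
    for name, data in files.items():
        if is_disguised_script(name, data):
            findings.append((name, ["image extension but script content"]))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_BITS_RECORDS, SAMPLE_FILES):
        print(f"{name}: {'; '.join(reasons)}")
```

On a live host the same logic would be fed from the BITS-Client operational log or from `Get-BitsTransfer -AllUsers`, and the content check would run against whatever the job wrote to disk; the point is that neither the owner process nor the file extension is trusted on its own.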
What’s more, StarsLord boasts all sorts of features designed to overwhelm and defeat a user’s security measures, including:
- Geofencing, or restricting access to content based on a user’s location
- Tracking, or giving the attacker information about the stage of the infection
- Trapping, or isolating analyst machines to thwart deeper understanding of the malware’s processes
With all these advanced features, StarsLord certainly seems like an important malware evolution worthy of the new decade — but is there anything users can do to stay out of its clutches?
How Can Users Stop StarsLord?
Loaders are increasing in complexity and prevalence thanks to their power and their flexibility to conform to an attacker’s intentions. However, because loaders don’t offer the same experience to each victim — and because loaders’ processes aren’t as easy for tech amateurs to understand — users aren’t as familiar with loaders as they are with other malware types, like ransomware. Unfortunately, this means that not much money and effort are currently allocated to thwarting this rising threat.
Fortunately, StarsLord has one crucial thing in common with the other, more rudimentary malware that came before: how it gets onto systems. StarsLord always arrives on devices in an email, with a ZIP attachment.
The content of the email is personalized to the user’s language and might include the user’s name and addresses, to inspire trust and encourage downloading the attached file. Therefore, users can steer clear of StarsLord by adhering to one of the most important rules of cyber hygiene: Don’t interact with suspicious messages. Additionally, comprehensive antivirus protection should be able to identify the threat in the email before users make any mistakes.
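Because the arrival vector is always a ZIP attachment carrying a Windows Script File, a mail gateway or analyst can triage the archive before anyone opens it. The Python below is an added example of that triage, not the article’s or any vendor’s code; the archive it inspects is constructed in memory, and the member name and decoy extension are invented for the illustration.

```python
"""Triage a ZIP attachment for script payloads such as a Windows Script
File hidden behind a document-looking name. Added example; the sample
archive is constructed in memory and its contents are placeholders."""
import io
import zipfile
from typing import List, Tuple

# Extensions Windows will execute as scripts when double-clicked.
SCRIPT_EXTENSIONS = {".wsf", ".vbs", ".vbe", ".js", ".jse", ".ps1", ".hta", ".lnk", ".bat", ".cmd", ".scr"}
# Extensions an attacker tends to place before the real one as a decoy.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
# Markup that opens a WSF job or an embedded script block.
WSF_MARKERS = (b"<job", b"<script", b"<package")


def build_sample_zip() -> bytes:
    """Constructed attachment: one WSF script with a decoy .pdf in its name,
    plus a harmless text file. The script body is an inert placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(
            "Documento_0001.pdf.wsf",
            b"<?xml version=\"1.0\"?><job id=\"x\"><script language=\"VBScript\">"
            b"' constructed placeholder, does nothing\n</script></job>",
        )
        zf.writestr("readme.txt", b"Ordinary text, nothing to see.")
    return buf.getvalue()


def classify_member(name: str, head: bytes) -> List[str]:
    """Return the reasons one archive member looks like a script payload."""
    reasons = []
    base = name.lower().rsplit("/", 1)[-1]
    parts = base.split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in SCRIPT_EXTENSIONS:
        reasons.append(f"script extension {ext}")
    if len(parts) > 2 and "." + parts[-2] in DECOY_EXTENSIONS:
        reasons.append("double extension with a document-like decoy")
    if ext not in {".html", ".htm", ".xml"} and any(m in head.lower() for m in WSF_MARKERS):
        reasons.append("WSF/script markup in file header")
    return reasons


def triage_zip(data: bytes, max_head: int = 512) -> List[Tuple[str, List[str]]]:
    """Inspect every member's name and first bytes without extracting to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(max_head)  # bounded read: a zip bomb cannot inflate fully
            reasons = classify_member(info.filename, head)
            if reasons:
                findings.append((info.filename, reasons))
    return findings


if __name__ == "__main__":
    for member, reasons in triage_zip(build_sample_zip()):
        print(f"{member}: {'; '.join(reasons)}")
```

Reading only the first few hundred bytes of each member keeps the check cheap and avoids fully inflating hostile archives; any member that trips a rule is held for review rather than delivered.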
Perhaps the most important lesson from StarsLord is this: Even if a remake doesn’t make the news, it could be making waves in the industry. StarsLord and other loader-type malware are likely to evolve dramatically in the coming months and years, becoming perhaps some of the most dangerous threats on the web. By staying abreast of these early developments, users can know what to look for and how to stay safe, even as the tech landscape grows and shifts.