New 'Lobshot' hVNC Malware Used by Russian Cybercriminals
Russian cybercrime group TA505 has been using a new hVNC (Hidden Virtual Network Computing) malware called Lobshot in recent attacks. Lobshot allows attackers to bypass fraud detection engines and gain stealthy, direct access to infected machines. The malware is distributed through malvertising, abusing Google Ads and fake websites to trick users into downloading legitimate-looking installers containing backdoors. Lobshot relies on dynamic import resolution to evade detection and performs a Windows Defender anti-emulation check. The malware targets over 50 Chrome, Edge, and Firefox extensions related to cryptocurrency wallets. Its core functionality revolves around its hVNC module, which provides the attacker with full remote control of the machine. TA505 has been using Lobshot in attacks since at least 2022.

Malware: Lobshot, Locky, FriedEx, BitPaymer, Dridex, Bart, WastedLocker

[View Article](https://www.securityweek.com/new-lobshot-hvnc-malware-used-by-russian-cybercriminals/)