RockLoader is a new malware downloader that was recently discovered by Proofpoint. It is operated by the same cybercriminals behind Locky ransomware, and it spreads a number of other malware variants in addition to the notorious ransomware: the Dridex 220 botnet trojan, as well as Kegotip and Pony, two information-stealing malware variants.
The new downloader stands out from the rest because it can receive multiple commands in a single request, which lets the threat actors drop several malware payloads onto an infected system at once. This makes the downloader extensible and much more efficient.
RockLoader has been distributed through spam emails with JS attachments, as well as malicious documents.
ThreatSTOP customers are protected from RockLoader.