Marcos Alvares
Last known affiliation: CrowdStrike
Bio: Marcos Alvares has worked in information security for the past 20 years and has been doing research on botnets and cybercrime for the past 7 years. He currently works as a Senior Security Researcher at CrowdStrike. Besides collecting and reversing malware samples, he enjoys running half-marathons in his spare time.
Date: 2022-04-28
Smoke and Fire – Smokeloader Historical Changes and Trends
Marcos Alvares 🗣
Abstract:
Smokeloader (aka Sharik or SmokeBot) turned 10 in 2021! Few malware families make it to this mark without collapsing or getting caught by law enforcement. For over a decade, Smokeloader has been deployed as part of the distribution schemes of many high-profile financially motivated malware families, such as Dridex, Trickbot, ISFB and SilentNight. Its simplicity and business model have contributed to this longevity. This presentation intends to provide (i) a technical overview of key changes implemented over the past 10 years, (ii) statistics on customers and infrastructure and (iii) highlights of tactics that helped Smokeloader survive all this time.