LOADERS OBJECTIVE: Gain a foothold on the victim's computer and download further malicious software from a command and control (CnC) server
CRYPTERS OBJECTIVE: Encrypt and hide malicious software payloads
Loaders are used to bypass antivirus products by hiding and delivering payloads. The term "payload" is used figuratively for the part of a virus's executable code that is specifically intended to cause harm (as opposed to the code the virus uses to replicate and spread).
Once attackers have identified a target, the next step is to get their code, such as malware, onto the targeted device or system. Since these are generally protected by antivirus software, which can recognize, report or block the payload of a malicious application, criminals commonly rely on special tools such as loaders and crypters.
These tools evade detection by endpoint security products, allowing malicious code or other applications to be downloaded and run covertly. Loaders themselves generally have limited capabilities, and the process varies from one loader to another:
The most basic ones write the malicious application directly to the victim's file system, then run it as a new process.
The most advanced ones keep the downloaded payload in memory and run it through an injection technique, for example DLL injection into another process.
By keeping the payload in memory rather than on disk, the loader considerably reduces the chance that a security tool will detect the final malicious application, since there is no file for a scanner to examine.
Crypters are an essential service for criminals involved in spreading malware. They encrypt and hide malicious software payloads so that security solutions such as antivirus cannot recognize them. Crypters can also, among other things, compress executables, make the package look like a legitimate program and evade analysis in sandboxes.
To help novice attackers who lack the technical expertise to deploy malware themselves, crypter developers provide simple, intuitive graphical interfaces. Through these configuration panels, a newcomer can select the desired options, such as where the payload is injected, the encryption method and the keys. Some customizable crypters are open source and publicly accessible, and there are plenty of tutorials and practical guides describing how to use them. Wondering how it works? It is very simple:
The crypter encrypts the malicious payload and wraps it in a small stub program, written in the chosen programming language, that knows how to decrypt it.
The attacker distributes this small package to victims via phishing or spam.
Once the package is executed, after a mouse click or other user action, the stub decrypts the payload and releases it onto the system.
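The three steps above, as an added illustration that is not code from the original page or from any real crypter: a toy crypter encrypts an inert stand-in payload, and a stub decrypts it only at run time. The payload bytes, the "EVIL_MARKER" signature, the XOR cipher and the package layout are all assumptions made for the example; nothing is executed. The same comparison also shows why the loader section's in-memory payloads are harder to catch than files on disk.

```python
"""Toy crypter: encrypt a stand-in payload, decrypt it only at run time.
Added example, not from the original page. Nothing here executes code."""
import hashlib

# Constructed stand-in for a malicious executable. The substring
# "EVIL_MARKER" plays the role of the byte sequence an antivirus
# signature would match on.
PAYLOAD = b"MZ\x90\x00\x03\x00" + b"\x00" * 26 + b"EVIL_MARKER" + b"\x00" * 16
SIGNATURE = b"EVIL_MARKER"


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: symmetric, so one routine encrypts and decrypts.
    Real crypters use stronger ciphers, but XOR is enough to show why a
    static signature no longer matches the bytes on disk."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_package(payload: bytes, key: bytes) -> bytes:
    """Step 1 (crypter side): encrypt the payload and bundle it as a
    one-byte key length, the key, then the ciphertext. In a real crypter
    this blob is embedded in the stub executable (assumed layout)."""
    assert 0 < len(key) < 256
    return bytes([len(key)]) + key + xor_crypt(payload, key)


def stub_run(package: bytes) -> bytes:
    """Step 3 (victim side): the stub parses the package and decrypts the
    payload in memory. Here the plaintext is returned instead of run."""
    key_len = package[0]
    key = package[1:1 + key_len]
    return xor_crypt(package[1 + key_len:], key)


def signature_scan(blob: bytes) -> bool:
    """A static antivirus signature check on bytes as they sit on disk."""
    return SIGNATURE in blob


def demo(key: bytes = b"\x5a\xa5\x3c\xc3") -> dict:
    """Compare what a scanner sees on disk with what exists at run time."""
    package = build_package(PAYLOAD, key)
    decrypted = stub_run(package)
    return {
        "on_disk_detected": signature_scan(package),   # False: encrypted
        "runtime_detected": signature_scan(decrypted),  # True: decrypted
        "roundtrip_ok": decrypted == PAYLOAD,
    }


def rebuild_hashes(keys=(b"\x5a\xa5\x3c\xc3", b"\x11\x22\x33\x44")) -> list:
    """Same payload, different keys: each build has a different file hash,
    which is why hash blocklists lag behind crypter output."""
    return [hashlib.sha256(build_package(PAYLOAD, k)).hexdigest() for k in keys]


if __name__ == "__main__":
    print(demo())
    print(rebuild_hashes())
```

The on-disk package never contains the signature, so a file scanner misses it, while the decrypted copy that exists only in memory does; that is the gap that runtime detection on the endpoint is meant to close. Rebuilding with a fresh key changes every byte of the package, so blocking by file hash has to be repeated for each build.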
HOW TO PROTECT?
Enforce a deep packet inspection policy to identify and stop unpacked payloads, or the communications a loader initiates with its CnC server
Keep endpoint protection and antivirus software up to date, given the number of customized loaders and related tools in circulation
Educate users on the risks of phishing, the initial access vector through which malware hidden by crypters is usually delivered
Although crypters are designed to evade antivirus scanning, endpoint detection and response solutions may be able to catch the payload at runtime, once the stub has decrypted it
Deploy a network intrusion detection system (IDS) at the perimeter, endpoint monitoring, communication analysis or a web proxy, with or without human supervision
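The deep packet inspection point above, as an added example that is not code from the original page or from any product: a check that flags an HTTP response whose body is a Windows PE executable, even when the Content-Type header claims something else, which is what a basic loader fetching an unpacked payload looks like on the wire. The HTTP parser, the list of disguise content types, the fake PE blob and the sample responses are all constructed for the example.

```python
"""Deep packet inspection rule for unpacked executable downloads.
Added example, not from the original page. Sample traffic is constructed."""
import struct
from typing import Dict, List, Tuple


def looks_like_pe(body: bytes) -> bool:
    """True if body has a DOS 'MZ' header whose e_lfanew field (offset
    0x3C) points at the 'PE\\0\\0' signature, i.e. the standard PE layout
    an unpacked executable download would show."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", body, 0x3C)[0]
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def parse_http_response(raw: bytes) -> Tuple[Dict[str, str], bytes]:
    """Minimal HTTP/1.x response parser: status line, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers: Dict[str, str] = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("ascii", "replace")] = \
            value.strip().decode("ascii", "replace")
    return headers, body


# Content types under which an executable body is plainly disguised
# (assumed list for the example; tune to the environment).
DISGUISE_TYPES = ("image/", "text/", "application/json", "application/pdf")


def inspect_response(raw: bytes) -> List[str]:
    """Return the findings for one response (empty list means clean)."""
    headers, body = parse_http_response(raw)
    ctype = headers.get("content-type", "").lower()
    findings: List[str] = []
    if looks_like_pe(body):
        findings.append("pe_executable_in_body")
        if ctype.startswith(DISGUISE_TYPES):
            findings.append("content_type_mismatch")
    return findings


def fake_pe(tail: bytes = b"\x00" * 32) -> bytes:
    """Constructed minimal PE-shaped blob: MZ header, e_lfanew = 0x40,
    then the PE signature. Not a runnable executable."""
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", 0x40)
    return dos + b"PE\x00\x00" + tail


def build_response(ctype: str, body: bytes) -> bytes:
    """Assemble a constructed HTTP/1.1 200 response."""
    return (b"HTTP/1.1 200 OK\r\nContent-Type: " + ctype.encode()
            + b"\r\nContent-Length: " + str(len(body)).encode()
            + b"\r\n\r\n" + body)


# Constructed sample traffic: a loader fetching its payload disguised as
# a PNG, a genuine PNG, and an undisguised executable download.
SAMPLES = {
    "disguised": build_response("image/png", fake_pe()),
    "real_png": build_response("image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 64),
    "plain_exe": build_response("application/octet-stream", fake_pe()),
}


def inspect_all() -> Dict[str, List[str]]:
    """Run the rule over every sample and collect the findings."""
    return {name: inspect_response(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in inspect_all().items():
        print(name, findings or "clean")
```

The rule catches only unpacked payloads sent in the clear; a payload wrapped by a crypter, or fetched over TLS that the inspection point cannot decrypt, shows no MZ/PE structure on the wire, which is why the list above pairs this control with endpoint monitoring and runtime detection.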
VEEZO analyzes and understands all IT communications in order to apply the appropriate action instantly to any detected incident and mitigate cyberattacks.
VEEZO is a complementary service to any traditional security tool, offering:
Real-time analysis of network activity, detecting any suspicious or malicious communication
Immediate interception of malicious behavior
The appropriate actions to mitigate the attack, notify the managers and deliver comprehensive incident reports
Learn about hacking tools and techniques with Veezo.
Everything about the main hacker tools and how to stay protected here: