2023-07-12

Trend Micro said it has detected a second Big Head variant with both ransomware and stealer behaviors, the latter leveraging the open-source stealer WorldWind to collect web browser history, directory listings, running processes, product keys, and network information.

A third variant of Big Head has also been discovered that incorporates a file infector called Neshta, used to insert malicious code into executables on the infected host.

“Incorporating Neshta into your ransomware distribution can also serve as a camouflage technique for the final payload of Big Head ransomware,” said Trend Micro researchers.

“This technique can make the malware look like a different type of threat, such as a virus, which can divert the priority of security solutions that focus primarily on detecting ransomware.”

The identity of whoever created Big Head is currently unknown, but Trend Micro has identified a YouTube channel named “aplikasi premium cuma cuma”, suggesting that the adversary is probably of Indonesian origin.

“Security teams should stay prepared given the multifunctional nature of malware,” concluded the researchers. “This multifaceted nature gives malware the potential to cause significant damage once fully operational, making systems more difficult to defend, as each attack vector requires separate attention.”

How to defend against Big Head and other ransomware?

It may sound like a hackneyed platitude, yet it would be enough to be wary of deceptive emails and links and not to download unfamiliar programs onto a Windows PC; and although many companies have started to offer security awareness courses for employees, some still fall for it.