BlackSquid Slithers Into Servers and Drives With 8 Notorious Exploits to Drop XMRig Miner
released on 2019-06-03 @ 03:29:31 PM
Trend Micro found a new malware family that targets web servers, network drives, and removable drives using multiple web server exploits and brute-force attacks. This malware, which we named BlackSquid after the registry entries it creates and the file names of its main components, is particularly dangerous for several reasons. It employs anti-virtualization, anti-debugging, and anti-sandboxing checks to decide whether or not to continue with installation, and it exhibits worm-like behavior for lateral propagation.
In addition, cybercriminals may be testing the viability of the techniques used in this malware's routine for further development. The sample we acquired downloads and installs an XMRig Monero cryptocurrency miner as its final payload, but BlackSquid may be paired with other payloads in the future.