A newly discovered malware loader, dubbed Pronsis Loader, has been identified by Trustwave SpiderLabs as an unusual threat to businesses. It is written in JPHP, a little-used implementation of PHP that compiles to bytecode for the Java Virtual Machine. Because almost no malware is built this way, signatures, heuristics and analyst tooling tuned to the languages malware authors normally use (C/C++, .NET, Go, scripting languages) have little to match against, which is the loader's main detection advantage.
Pronsis Loader is delivered through installer-style packaging that lets the operator stage whatever payload a given campaign requires, so defenders cannot rely on a fixed second-stage indicator.
The initial stage is obfuscated and encrypted to defeat signature-based detection, and the installer is designed to run without user-visible side effects so that antivirus and endpoint protection products see nothing that looks like a conventional dropper. The report describes the evasion in general terms; it does not attribute a specific vulnerability or exploit to the loader.
Once resident, Pronsis Loader fetches and executes additional malware, which can include ransomware, spyware or data-exfiltration tools. Because the loader and the payload are separate, attackers can choose the final stage per target or environment rather than shipping one fixed capability.
Against loaders of this kind, static signatures are the wrong tool: the language and packaging change, but the behaviour does not. Security teams should instead monitor the behavioural chain a loader cannot avoid (outbound connection, executable written to a staging directory, that file launched as a child process) and keep threat intelligence current so that uncommon runtimes such as JPHP are recognised when they appear on endpoints.
“The ability of Pronsis Loader to deliver high-risk payloads makes it particularly dangerous,” said Shawn Kanady, Global Director of Trustwave SpiderLabs. “Our research highlights not only its unique capabilities but also the infrastructure that could be leveraged in future campaigns.”
Source: https://www.techradar.com/pro/security/this-new-malware-utilizes-a-rare-programming-language-to-evade-traditional-detection-methods