Chinese threat actor using stealth malware

Microsoft is once again sounding the alarm about the latest malware campaigns and cyber threats. This time, the alert is for Tarrask, a "defense evasion malware" that uses Windows Task Scheduler to hide a device's compromised status from itself. BeCloud is on the lookout in our customer networks for this malware.

Microsoft sounds the alarm after discovering the stealth malware program because it has been deployed against computers in U.S. government agencies, corporate computer networks and other countries. The software, according to the blogging site Bleeping Computer and dubbed "Tarrask," is said to have been used to infect computers using peer-to-peer file sharing tools, but may have also been used as an early tool to attack companies prior to the malware being distributed through malicious downloading sites.

To conceal the malware's presence on a device, Tarrask uses Task Scheduler to run itself as a scheduled task. The malware then attempts to make all of the infected devices appear normal to outside observers by obstructing it's view in Windows Task Manager. Additionally, the malware looks for file-sharing tools installed on the infected computer and attempts to use them as a method of spreading itself to other computers.

Microsoft says the malware may have been used by the Chinese military to conduct attacks. It also says it has tracked some instances of Tarrask being used in targeted attacks in the Middle East, South America, North Africa and Asia, but that "undisclosed nation-state actors" might be behind some of those attacks as well. Network administrators beware of this and other scheduled task-based malware threats.

James Phipps 14 April, 2022
Share this post
Sign in to leave a comment


Don't be the next victim of SIM swapping