CXO Insight Middle East

Sophos Sheds Light on the Menace of Droppers-as-a-Service

by CXO Staff
September 9, 2021
in News

Sophos has released new research, “Fake Pirated Software Serves Up Malware Droppers as a Service,” detailing how droppers for hire are delivering bundles of malicious and unwanted content to targets looking for “cracked” versions of popular business and consumer applications.

 Sean Gallagher, Senior Threat Researcher at Sophos, said, “Paid download and dropper services have been around for a long time, but they continue to evolve and thrive and make money for the operators behind them. Our research suggests that this success is due in part to the fact that underground demand for account access credentials remains high, and these paid-for services enable less-skilled cybercriminals to implement bulk credential theft and cryptocurrency fraud at minimal cost.

“The dropper-as-a-service operators have also adapted to maximize their profits by bundling a range of malicious or unwanted content in each dropper, hitting victims with a raft of toxic applications in a single download.”

According to Gallagher, the last 18 months have seen millions more people working from home and often using personal devices to do that work. This has extended the risk of malicious dropper downloads to businesses and brought potentially far more lucrative corporate targets within the range of entry-level adversaries.

“For instance, our research uncovered droppers delivering backdoors such as Glupteba alongside information stealers such as Raccoon Stealer and Crypto Bot.

“Fortunately, when it comes to organizational security, malware delivered by droppers is easily detectable by security software, either because of its signature or its behavior. However, because malicious packages are in encrypted archives, security technologies don’t detect the malicious files until they are unpacked.”

SophosLabs recently published research into the Raccoon Stealer information stealer, which was delivered to targets as part of a malicious bundle by a dropper-as-a-service. In a follow-up to this research, SophosLabs researchers have analyzed how these dropper services deliver their multiple payloads.

Below is a diagram of what happens when someone clicks to download what they think is pirated software, but which is, in fact, a disguised malware dropper:

InstallUSD is an example of a dropper-as-a-service, and its dropper infrastructure works as follows:

Further technical details on InstallUSD are available in the research blog post on SophosLabs Uncut.

How to defend against droppers

Sophos recommends that organisations review their security software, settings and policies to ensure they can detect and block malicious and unwanted downloads.

This includes having a robust approach to web filtering. The malware hidden inside a dropper package may only be detectable once it is unpacked, and by then it could already be inside the network. A good web filter will not only scan regular downloads, but also inspect encrypted network traffic. According to Sophos research, more than half of malware now uses Transport Layer Security (TLS) encryption for communications. Web filters also protect organizations and their employees from connecting to dangerous or untrustworthy servers in the first place, by blocking bad domains and URLs.
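Because content scanning cannot see inside an encrypted archive until it is unpacked, a download gateway can at least flag such archives for holding. The following is an added example, not code from Sophos or the original article: it checks ZIP downloads for encrypted members; the function names and the "hold"/"scan" verdicts are assumptions, the sample archives are constructed, and only the ZIP format is covered.

```python
import io
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flags: member is encrypted


def encrypted_members(data: bytes) -> list[str]:
    """Return the names of archive members whose contents are encrypted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [zi.filename for zi in zf.infolist()
                if zi.flag_bits & ENCRYPTED_FLAG]


def triage_download(data: bytes) -> str:
    """Hypothetical policy: 'hold' when a scanner cannot inspect the content."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "scan"   # not a ZIP: hand to the normal scanning path
    try:
        locked = encrypted_members(data)
    except zipfile.BadZipFile:
        return "hold"   # malformed archive: treat as uninspectable
    return "hold" if locked else "scan"


def _sample_zip(member: str, encrypted: bool) -> bytes:
    """Build a constructed one-member ZIP; optionally mark the member encrypted.

    The standard library cannot write encrypted ZIPs, so the sample only sets
    the encryption flag in the central directory record, which is the field
    zipfile reports as flag_bits.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed sample content")
    raw = bytearray(buf.getvalue())
    if encrypted:
        cd = raw.index(b"PK\x01\x02")   # central directory file header
        raw[cd + 8] |= ENCRYPTED_FLAG   # flags field sits at offset 8
    return bytes(raw)


if __name__ == "__main__":
    for label, blob in [("encrypted", _sample_zip("setup.exe", True)),
                        ("plain", _sample_zip("readme.txt", False))]:
        print(label, triage_download(blob), encrypted_members(blob))
```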

Organizations should complement network security with up-to-date endpoint protection that has behavioral detection capabilities on all of the devices that employees use to remotely access work-related services.
