Malware | Apr 4, 2026

"Salary Slips.exe." "Dont Delete.exe." "Important.exe." These are the filenames BRUSHWORM copies...

BRUSHWORM malware spreads via USB drives using deceptive filenames, targeting South Asian financial institutions.

Summary

Elastic Security Labs discovered BRUSHWORM, a malware campaign targeting a South Asian financial institution. The threat uses custom components that masquerade as legitimate files (Salary Slips.exe, Dont Delete.exe, Important.exe) when spreading across USB drives. The attack demonstrates a blend of social engineering and technical sophistication, combining multiple malicious components for network infiltration.

Indicators of Compromise

  • malware — BRUSHWORM

Entities

  • BRUSHWORM (threat_actor)
  • Elastic (vendor)
  • USB-based distribution (technology)