Photo: Epoxydude via Getty

A well-known cyber crime group launched new malware that may signal that they — and possibly other groups as well — are moving towards stealth, reconnaissance and agility, according to Proofpoint, the firm that discovered the new "Marap" malware.

What's a Marap? Marap was created by the same group responsible for the widespread banking credential harvester Dridex and the ransomware Locky. It's designed to download other programs — the first stage of an attack.

Marap is stealthy, even among downloaders. Kevin Epstein, vice president of Proofpoint's threat operation center, explains: Marap is loaded up with tools to evade security tools and analysis and appears to be designed to lay mostly dormant while the hackers decide what they want to do.

What they're saying: "We don't see many things this stealthed and quiet," said Epstein, even among other downloaders.

The strategy: Epstein contrasts Marap with other downloaders that might come bundled with other functions or immediately start a download of a more feature-rich malicious program. Instead, Marap sends a very small package of information about the computer it infected back to its developers and awaits further instructions.

If Marap is the first stage in an attack, Proofpoint has yet to see stage two. They have not seen Marap execute instructions to start downloading anything.

  • Epstein said the firm believes that the delay is to use the information about its victims to determine the most lucrative next step, whether that's setting up long-term shop in a server with valuable data or installing a cryptocurrency mining program in a more mundane system.

Why it matters: The firm thinks this might signal a change in how attackers approach their craft, from a period of quick-hit criminal moves to more deliberate action.

"You don't switch from stick-ups to heists if the stick-ups still get all the money you want," explained Epstein.

The criminal group behind Marap, sometimes referred to as TA505, is known for distributing its malware over the Necurs botnet, which has changed its main focus in recent days.
