Ex-Conti members and FIN7 devs team up to push new Domino malware

According to a report dated April 17, 2023, former members of the Conti ransomware have created a new family of malware called "Domino" in collaboration with the cybercriminal group FIN7. 

This new family consists of two components: a backdoor named "Domino Backdoor" that installs a "Domino Loader" and allows the injection into the memory of another process of the second component, which is an information-stealing malware DLL. 

Since fall 2022, attacks using "Dave Loader", which is linked to former members of Conti and TrickBot, have been spotted deploying Emotet, Royal and Play, as well as this new Domino malware family. IBM researchers were able to link Domino to FIN7 through a large code overlap with Lizar, a post-exploitation toolkit associated with FIN7. 

The lines between malware developers and ransomware gangs are becoming blurred, making it difficult to distinguish between the two operations. 

Read more about it: here