Exposing the Deception: Russian EFF Impersonators Behind Stealc & Pyramid C2
March 5, 2025, 4:39 p.m.
Description
A threat group impersonating the Electronic Frontier Foundation (EFF) is targeting Albion Online players through phishing messages and decoy documents. The campaign uses malware such as Stealc stealer and Pyramid C2 to compromise player accounts. Analysis of an exposed directory revealed PowerShell scripts, PDFs, and malicious payloads. The infrastructure includes multiple servers sharing SSH keys. Code comments suggest Russian-speaking developers. The attackers use EFF's reputation to lend credibility while executing malware in the background. The campaign exploits the game's player-driven economy, where in-game assets have real-world value. Mitigation strategies include cautious handling of unsolicited communications and verifying sources' authenticity.
Date
- Created: March 4, 2025, 10:43 p.m.
- Published: March 4, 2025, 10:43 p.m.
- Modified: March 5, 2025, 4:39 p.m.
Attack Patterns
- Pyramid C2
- Stealc
- T1059.006
- T1132.001
- T1573.001
- T1027.002
- T1204.001
- T1059.001
- T1566.002
- T1547.001
- T1071.001
- T1204.002
- T1573
- T1547
- T1566.001
- T1071
- T1204
- T1140
- T1132
- T1027
- T1566
- T1059