How Cracks and Installers Bring Malware to Your Device

Jan. 15, 2025, 7:48 p.m.

Description

Trend Micro research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employ encryption to evade detection, and steal sensitive browser data.

Date

  • Created: Jan. 14, 2025, 3:22 p.m.
  • Published: Jan. 14, 2025, 3:22 p.m.
  • Modified: Jan. 15, 2025, 7:48 p.m.

Attack Patterns

  • MARSSTEALER
  • RUGMI
  • Sodinokibi
  • Sodin
  • REvil - S0496
  • LummaStealer
  • PENGUISH
  • Amadey - S1025
  • Vidar
  • PrivateLoader
  • T1588.001
  • T1588.002
  • T1573.002
  • T1547.001
  • T1012
  • T1056.001
  • T1071.001
  • T1204.002
  • T1082
  • T1057
  • T1083
  • T1055
  • T1112
  • T1059