LummaC2 Malware and Malicious Chrome Extension Delivered

Sept. 9, 2024, 9:52 a.m.

Description

In August 2024, eSentire's Threat Response Unit observed a sophisticated attack involving LummaC2 stealer malware and a malicious Google Chrome browser extension. The attack leveraged DLL side-loading to execute a loader delivering the malware and a PowerShell script that installed the extension. The extension manipulated browser activities, stole data like credentials and crypto wallets, and enabled remote control of infected systems. The infection chain showcased evasive tactics and the ability to dynamically alter web content, highlighting the importance of robust endpoint security, security awareness training, and secure software configurations.

Date

Published: Sept. 9, 2024, 9:34 a.m.
Created: Sept. 9, 2024, 9:34 a.m.
Modified: Sept. 9, 2024, 9:52 a.m.

Indicators

http://hit-1488.com/test_gate0117.php?a=XyLGVaXA1cIfBjj&id=0

http://run-df.com/gAySB.php?cnv_id=false&value=1

Attack Patterns

LummaC2

T1574.002 (MITRE ATT&CK: Hijack Execution Flow: DLL Side-Loading)