Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications

June 20, 2024, 12:42 p.m.

Description

While monitoring data in Recorded Future Malware Intelligence, Insikt Group identified purported virtual meeting software called Vortax that, upon download and installation, delivers three information stealers (“infostealers”) in cross-platform attacks — Rhadamanthys, Stealc, and, most notably, Atomic macOS Stealer (AMOS) — in an extensive campaign aimed at cryptocurrency theft.

Date

Published: June 20, 2024, 12:26 p.m.

Created: June 20, 2024, 12:26 p.m.

Modified: June 20, 2024, 12:42 p.m.

Indicators

f9785743539fdfb2199b53be57f86d5dba5c0cd3dfad1130de1532f92e0c7c4f

f3176e0859ba92049dcd57685c1b5f49b97183ff49fcc79f2ce4ad2b31d2d843

eb74c9dd0a0e3ea3cb31338c55e9e630fdee964a7b5967efcdfa8daa26a0f129

dee705f4a513081afe9ab682b832068ac558ad3145038e57edc8109ab0e80769

c34f8b6a299dd867a8d00b4fc50d91d9fdde4aa36f7c2a444aab4601dd4238e1

be7e5707e5e399aedcfb2800d7039ff050500be3bafd217ca9200abed8bef03f

bde29a5215e685805f00fee5f03de3478f8214195ecf93fb81562bcd6122149d

b1817f23b4b0b09cd7db9e90eac166ddf0de9d22aaf69f17308da43854604d9e

9f676511cb9b35e2916ebf79aec6b4aa6514f8bf640ea2fe786d16a7ed8dab7b

93463142e354b05bbac20b9e9498ee5f8c9ea2488151ee6870189baab0b7e2ff

922afb7de0159e7b435290868c51f33c59e0990ec964f77de9201534e4232117

8fb5de2498e48338825253f9d165986403661003393278d93cb35f5f9a1549dc

8e6176eaea919bae5b75000244474d8310a7b8d59806fca133d78f5343839d76

856979042a3c1f61050cc08e8f11856dc714ec16969bd0fc562fd47c9e6c8e4c

750baf928763a60343f8d48e45c4a4ca8da1243add410821b51484242571d089

7f6f85e1ae4186edc9bf821943893b183a6a9252b0899d682c1899201dffc496

73c099168755acbc793675a5e64ca719f909cd1943db5757af96b2c1c79ae6d8

7225d5fde4daa4552daf67a0ac2f6d7ec0e768536c5377ee3e7beaa04603a6f5

5d6075e33a168dfa44492dbec5462c6142399b708ec0d038e3e1869141e6b378

5d45cc81a22e6ba596b12db4baec5b20ccbe9ce52f8258fa5690da0e5ef2a982

5a441a59fe273161ff82cbe2a7fbddd21386481ad03cc1782b5b41b6b839c245

4b35a3872589f44c43469cf73c54b525506f6cc894598d109c5f931923c6eba9

05219c02d66daad246eab2abccc35384c34f17ce1daa2fee21cf0bfee88e31b2

79.137.197.159

89.105.198.134

77.221.151.54

193.233.132.137

xhaxo.com

weworkhappy.com

vortax.space

vortax.org

vortax.io

tripleplay-arg1.com

showpiecekennelmating.com

shinudating.com

repairleatherla.com

plumbonwater.com

piloje.com

pegamente.com

nongduangmarket.com

novatercaagilidade.com

msjessd.com

marylandhomerates.com

iuddy.com

institutoangelabatista.com

indianahomerates.com

hobbyplanners.com

garagemfinity.com

faruvinnovations.com

eliteneatproductshop.com

ebolight.com

deskpaypal.com

crosstacks.com

crosscertify.com

cheapcleanprotein.com

casino-legrand.info

betbhaibetting.com

assetsreserve.com

aidigibrain.com

123mllhasbrasil.com

Attack Patterns

AMOS

Atomic macOS

StealC

Rhadamanthys

T1444

T1041