Stealers on the rise: Kral, AMOS, Vidar and ACR

Oct. 21, 2024, 4:54 p.m.

Description

This intelligence report analyzes the increasing prevalence of information stealers, focusing on Kral, AMOS, Vidar, and ACR. Kral, delivered by its downloader, targets cryptocurrency wallets and browser data. AMOS, a macOS stealer, spreads through malvertising impersonating Homebrew. Vidar distributes via YouTube comments and uses DLL hijacking, ultimately downloading the ACR stealer. The report highlights the widespread nature of stealers, their popularity among cybercriminals, and the potential for stolen data to be used in further attacks or sold on the dark web. It emphasizes the importance of basic security measures like 2FA and downloading software only from official sources to mitigate these threats.

External References

https://securelist.com/kral-amos-vidar-acr-stealers/114237/
https://otx.alienvault.com/pulse/671670443f79c488af78c534
Tags
cryptocurrency
macos
credential theft
vidar
data exfiltration
amos
aurora
2024-10-21
dll hijacking
information stealers
kral
penguish
acr

Date

  • Created: Oct. 21, 2024, 3:16 p.m.
  • Published: Oct. 21, 2024, 3:16 p.m.
  • Modified: Oct. 21, 2024, 4:54 p.m.

Attack Patterns

  • Penguish
  • MacRansom.K
  • ThiefQuest - S0595
  • Kral
  • 9002 RAT
  • McRat
  • HydraQ
  • HidraQ
  • Homux
  • HomeUnix
  • MdmBot
  • Roarur
  • Hydraq - S0203
  • AMOS
  • Aurora
  • Vidar
  • EvilQuest

Additional Informations

  • Brazil