Stealers on the rise: Kral, AMOS, Vidar and ACR

Oct. 21, 2024, 4:54 p.m.

Description

This intelligence report analyzes the increasing prevalence of information stealers, focusing on Kral, AMOS, Vidar, and ACR. Kral, delivered by its downloader, targets cryptocurrency wallets and browser data. AMOS, a macOS stealer, spreads through malvertising impersonating Homebrew. Vidar is distributed via YouTube comments and uses DLL hijacking, ultimately downloading the ACR stealer. The report highlights the widespread nature of stealers, their popularity among cybercriminals, and the potential for stolen data to be used in further attacks or sold on the dark web. It emphasizes the importance of basic security measures like 2FA and downloading software only from official sources to mitigate these threats.

Date

Published: Oct. 21, 2024, 3:16 p.m.

Created: Oct. 21, 2024, 3:16 p.m.

Modified: Oct. 21, 2024, 4:54 p.m.

Attack Patterns

Penguish

MacRansom.K

ThiefQuest - S0595

Kral

9002 RAT

McRat

HydraQ

HidraQ

Homux

HomeUnix

MdmBot

Roarur

Hydraq - S0203

AMOS

Aurora

Vidar

EvilQuest

T1056.002

T1564.001

T1074

T1027.002

T1204.001

T1547.001

T1087

T1071.001

T1036.005

T1204.002

T1005

T1105

T1036

T1140

T1027

T1059

Additional Information

Brazil