
Threat actors use copyright infringement phishing lure to deploy infostealers

Nov. 1, 2024, 5:26 p.m.

Description

An unknown threat actor is conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. The campaign uses emails impersonating legal departments, claiming copyright infringement to lure victims into downloading malware. The attackers abuse Google's Appspot domains, short URLs, and Dropbox to deliver information stealers, employing various evasion techniques. The malware includes LummaC2 and Rhadamanthys stealers, which are embedded in legitimate binaries. The campaign specifically targets traditional Chinese speakers and uses well-known company names in Taiwan and Hong Kong to increase credibility. The infection chain involves encrypted archives, fake PDF executables, and sophisticated loaders that employ anti-analysis techniques and ensure persistence on infected systems.

Date

Published: Oct. 31, 2024, 9:16 p.m.

Created: Oct. 31, 2024, 9:16 p.m.

Modified: Nov. 1, 2024, 5:26 p.m.

Attack Patterns

LummaC2

Rhadamanthys

T1027.001

T1055.001

T1102.002

T1053.005

T1573.001

T1547.001

T1071.001

T1204.002

T1573

T1566.001

T1071

T1102

T1055

T1140

T1027

T1566

T1059

Additional Information

Technology

Media

Hong Kong

Taiwan