VIPKeyLogger Infostealer in the Wild

Dec. 16, 2024, 2:33 p.m.

Description

A new infostealer called VIPKeyLogger has been observed with increased activity. It shares similarities with Snake Keylogger and is distributed through phishing campaigns. The malware is delivered as an archive or Microsoft 365 file attachment, which downloads and executes a .NET compiled file. VIPKeyLogger uses steganography to hide obfuscated code within a bitmap image. It exfiltrates various data types, including PC names, country names, clipboard data, screenshots, cookies, and browser history. The stolen information is sent via Telegram to dynamic DuckDNS C2 servers. The attack chain involves multiple stages, from the initial email lure to payload execution and data exfiltration.

Date

Published: Dec. 16, 2024, 12:46 p.m.

Created: Dec. 16, 2024, 12:46 p.m.

Modified: Dec. 16, 2024, 2:33 p.m.

Attack Patterns

VIPKeyLogger

Snake Keylogger

404 Keylogger

T1102.002

T1074

T1059.001

T1115

T1056.001

T1113

T1071.001

T1005

T1573

T1204

T1140

T1027

T1041

T1566