Tag: information-stealing

6 Attack Reports | 0 Vulnerabilities

Attack reports

Vidar Stealer: Infostealer malware discovered in Steam game

A recent analysis uncovered a sophisticated deployment of Vidar Stealer, an infamous information-stealing malware, disguised as a legitimate Microsoft Sysinternals tool, BGInfo.exe. The malware, found with an expired Microsoft signature, was significantly larger than the original file and contained…
information-stealing
vidar stealer
2025-04-07
thread hijacking
gaming platforms
expired signatures
malware obfuscation
bginfo
Published: April 7, 2025
Downloadable IOCs: 1

Lumma Stealer Chronicles: PDF-themed Campaign Using Compromised Educational Institutions' Infrastructure

An ongoing malware campaign is distributing Lumma Stealer, an information-stealing malware, through malicious LNK files disguised as PDF documents. The campaign exploits compromised educational institutions' infrastructure to host these files. When executed, the LNK files initiate a multi-stage inf…
phishing
lumma stealer
information stealing
maas
lnk files
multi-stage infection
2025-02-17
steam profiles
educational institutions
pdf-themed
Published: February 17, 2025
Downloadable IOCs: 24

Lumma Stealer's GitHub-Based Delivery Explored via Managed Detection and Response

Trend Micro's Managed XDR team investigated a sophisticated campaign distributing Lumma Stealer through GitHub. The attackers exploited GitHub's release infrastructure to deliver various malware, including SectopRAT, Vidar, and Cobeacon. The campaign used compromised websites for redirection to Git…
lumma stealer
information stealing
2025-01-31
Published: January 31, 2025
Downloadable IOCs: 0

Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA

Lumma Stealer, a sophisticated information-stealing malware, has evolved its tactics to employ fake CAPTCHA verification for payload delivery. The malware exploits legitimate software and uses multi-stage fileless techniques to evade detection. Its infection chain involves PowerShell scripts, proce…
powershell
cryptocurrency
lumma stealer
information-stealing
data exfiltration
fileless
maas
process hollowing
fake captcha
2024-10-21
Published: October 21, 2024
Downloadable IOCs: 23

Appearance of Kimsuky group's new backdoor (HappyDoor)

Asec Ahnlab analyzes a new backdoor malware called HappyDoor used by the North Korean hacking group Kimsuky in recent email attacks. The malware has evolved over time and contains capabilities for information stealing and remote access. It communicates with command and control servers using encrypt…
backdoor
north korea
kimsuky
cyber espionage
2024-07-01
appleseed
information stealing
happydoor
Published: July 1, 2024
Downloadable IOCs: 16

Exploring the Depths of Multi-tiered Infrastructure

This report provides an in-depth analysis of SolarMarker, a highly persistent and evolving malware family. It delves into the malware's evolution since 2020, detailing its functionality, evasion tactics, and targeting strategies. The report also highlights the multi-tiered infrastructure supporting…
modular
2024-05-09
solarmarker
persistent
solarphantom
evasive
multi-tiered
information-stealing
2024-05-14
2024-05-10
Published: May 14, 2024
Downloadable IOCs: 45
Click here to see more Attack Reports