Tag: infostealers

9 Attack Reports | 0 Vulnerabilities

Attack reports

Analysis: SmokeLoader malware distribution

A malicious campaign targeting First Ukrainian International Bank has been observed using the Emmenhtal loader to distribute SmokeLoader malware. The infection chain begins with a deceptive email containing a 7z archive, which extracts to reveal a bait PDF and a shortcut file. The shortcut download…
obfuscation
powershell
cryptbot
infostealers
banking
smokeloader
lumma
emmenhtal
lolbas
2025-03-31
mshta
Published: March 31, 2025
Downloadable IOCs: 0

2024 Malicious Infrastructure Insights: Key Trends and Threats

The report highlights significant trends in malicious infrastructure for 2024, including the rise of malware-as-a-service infostealers, continued dominance of Cobalt Strike among offensive security tools, and increased use of legitimate services by threat actors. Key findings include LummaC2's domi…
lummac2
plugx
cobalt strike
asyncrat
cybercrime
infostealers
dcrat
latrodectus
botnets
mobile malware
malicious infrastructure
quasarrat
hook
gobrat
brute ratel c4
remote access trojans
2025-02-28
traffic distribution systems
mozi botnet
state-sponsored groups
command-and-control servers
solarmarker rat
offensive security tools
Published: February 28, 2025
Downloadable IOCs: 0

Malicious CAPTCHA delivers Lumma and Amadey Trojans

An adware campaign targets online users by presenting them with fake CAPTCHA or update prompts, tricking them into running malicious PowerShell commands that deploy credential-stealing malware like Lumma and Amadey. The attackers leverage ad networks to redirect victims to compromised sites hosting…
malvertising
adware
remcos
amadey
infostealers
social-engineering
lumma
captcha
2024-10-29
Published: October 29, 2024
Downloadable IOCs: 1

Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign

Threat actors are using fake Google Meet web pages as part of the ClickFix campaign to deliver infostealers targeting Windows and macOS systems. The attackers display fake error messages in web browsers, tricking users into executing malicious PowerShell code. The campaign has expanded to impersona…
social engineering
powershell
windows
rhadamanthys
stealer
macos
infostealers
stealc
clickfix
2024-10-18
google meet
atomic
Published: October 18, 2024
Downloadable IOCs: 0

Marko Polo Navigates Uncharted Waters with Infostealer Empire

An analysis has uncovered a highly adaptable cybercriminal group, codenamed 'Marko Polo', that operates sophisticated scams employing information-stealing malware to target individuals and organizations globally. They primarily operate through social media, impersonating legitimate brands in sector…
impersonation
infostealers
scams
social_engineering
2024-09-17
cybercriminal
marko polo
Published: September 17, 2024
Downloadable IOCs: 47

Strike Ready: Introducing the Bitter APT Group

The report provides an in-depth analysis of the Bitter APT Group, a threat actor primarily focusing on cyber espionage activities in South Asia. It details the group's tactics, techniques, and procedures, including their ability to bypass security technologies by leveraging obscure file formats and…
espionage
persistence
infostealers
backdoors
2024-08-19
olmapi32.dll
scm.exe
stom.jpg
sparrow.jpg
schs.exe
orpcbackdoor
figlio.exe
sstn.exe
payloads
searchapp.jpg
Published: August 19, 2024
Downloadable IOCs: 82

Stargazers Ghost Network

Check Point Research identified a sophisticated network of GitHub accounts distributing malware through malicious repositories. The Stargazers Ghost Network consists of different types of accounts performing various actions like starring, forking, and subscribing to give an appearance of legitimacy…
infostealers
2024-07-24
botnets
Published: July 24, 2024
Downloadable IOCs: 37

ViperSoftX Uses Deep Learning-based Tesseract to Exfiltrate Information

This analysis focuses on the recent activities of the ViperSoftX malware strain, which controls infected systems and steals user information. The malware is known to install additional malware payloads, including Quasar RAT and a new infostealer called TesseractStealer. TesseractStealer utilizes th…
malware
cybercrime
infostealers
2024-05-17
quasar rat
tesseractstealer
malware-distribution
vipersoftx
crypto-targeting
Published: May 17, 2024
Downloadable IOCs: 8

Threat Actors Hack YouTube Channels to Distribute Infostealers

This analysis reveals that malicious groups have been exploiting popular YouTube channels, including some with over 800,000 subscribers, to distribute various infostealer malware strains like Vidar and LummaC2. The attackers upload videos promoting cracked software with links to malicious payloads …
lummac2
malware distribution
2024-05-05
2024-05-06
2024-05-07
2024-05-08
vidar
youtube
infostealers
compromised accounts
2024-05-09
2024-05-10
Published: May 10, 2024
Downloadable IOCs: 13
Click here to see more Attack Reports