Tag: stealer

Crystal Rans0m is a newly discovered hybrid ransomware family developed in Rust, first observed in September 2023. It combines file encryption with data stealing capabilities, doubling its leverage over victims. The malware targets browser data, Discord tokens, Steam files, and Riot Games data. It …

Downloadable IOCs 5

Threat actors are using fake Google Meet web pages as part of the ClickFix campaign to deliver infostealers targeting Windows and macOS systems. The attackers display fake error messages in web browsers, tricking users into executing malicious PowerShell code. The campaign has expanded to impersona…

Downloadable IOCs 0

This intelligence report describes a technique employed by threat actors to compel victims into entering their credentials into a browser, thereby enabling the credentials to be stolen from the browser's credential store using traditional credential-stealing malware. The method involves launching t…

Downloadable IOCs 8

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Identified as a sophisticated dropper binary designed to deploy an information stealer dubbed BLX Stealer or XLABB Stealer, this malware has been actively promoted on Telegram and Discord platforms. It targets credentials, browser data, cryptocurrency wallets, and other sensitive personal informati…

Downloadable IOCs 5

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

In August 2024, eSentire's Threat Response Unit observed a sophisticated attack involving LummaC2 stealer malware and a malicious Google Chrome browser extension. The attack leveraged DLL side-loading to execute a loader delivering the malware and a PowerShell script that installed the extension. T…

Downloadable IOCs 7

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

This report analyzes Cthulhu Stealer, a malware-as-a-service targeting macOS users to steal credentials and cryptocurrency wallets. It explores the malware's functionality, including prompting users for passwords, dumping keychain data, and exfiltrating stolen information. The analysis compares Cth…

Downloadable IOCs 9

The Cyble Research and Intelligence Lab (CRIL) discovered a sophisticated phishing website mimicking Google Safety Centre, designed to trick users into downloading malware. The malware, compromising security and stealing sensitive information, drops two threats: Latrodectus, which maintains persist…

Downloadable IOCs 15

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…

Downloadable IOCs 2

This report analyzes the D3F@ck Loader, a malware-as-a-service (MaaS) offering orchestrated by an individual going by the alias Sergei Panteleevich. The loader utilizes various evasion techniques, including the use of Extended Validation certificates, Inno Setup installers with custom Pascal script…

Downloadable IOCs 4

An analysis reveals the distribution of malware through an MSI package, specifically SectopRat and Redline stealer. The malware employs techniques like executing malicious scripts, disabling security measures, and establishing persistence through scheduled tasks. It communicates with command-and-co…

Downloadable IOCs 11

In July 2024, eSentire's Threat Response Unit observed a phishing attack leading to a 0bj3ctivity Stealer malware infection. The attack involved a malicious JavaScript file that retrieved and executed Ande Loader and the 0bj3ctivity Stealer. Ande Loader created persistence, downloaded additional pa…

Downloadable IOCs 2

This comprehensive technical analysis delves into the intricate workings of an advanced and localized malware campaign employing the RHADAMANTHYS stealer. Dissecting the infection chain, anti-analysis techniques, data theft capabilities, and Command & Control infrastructure, this detailed report sh…

Downloadable IOCs 5

A recent cybersecurity investigation uncovered a malware distribution campaign called DeerStealer. The malware was disseminated through counterfeit Google Authenticator websites, tricking visitors into downloading the malicious payload hosted on GitHub. Upon execution, the stealer collects system i…

Downloadable IOCs 28

An unknown threat actor created a deceptive advertisement that appeared as if it was from a reputable company, enticing users to click on it and visit a malicious website. The site hosted a digitally signed malicious file disguised as a popular multi-factor authentication application. Upon executio…

Downloadable IOCs 5

CrowdStrike Intelligence uncovered a phishing campaign impersonating CrowdStrike and distributing malicious files containing a Microsoft Installer (MSI) loader. The loader executes the commodity stealer 'Lumma Stealer' packed with 'CypherIt'. This campaign is likely linked to a previous 'Lumma Stea…

Downloadable IOCs 32

An unidentified threat actor exploited the July 19, 2024 Falcon sensor content issue to distribute a Python-based information stealer named Connecio. The malware was delivered via a malicious ZIP file masquerading as a Falcon update. Connecio collects system information, browser data, and exfiltrat…

Downloadable IOCs 30

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…

Downloadable IOCs 6

This report details a malicious campaign exploiting the CVE-2024-21412 vulnerability in Microsoft Windows SmartScreen to bypass security warnings and deliver malware. Attackers employ crafted links, LNK files, and HTA scripts to download decoy PDFs and shell code injectors, ultimately injecting ste…

Downloadable IOCs 27

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…

Downloadable IOCs 14

A malvertising campaign lures Mac users into downloading a counterfeit Microsoft Teams installer containing Atomic Stealer, a data-stealing malware. The campaign uses advanced filtering techniques, compromised ad accounts, and decoy pages to deliver unique payloads that bypass security measures. Up…

Downloadable IOCs 6

Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…

Downloadable IOCs 12

This report provides an in-depth analysis of a newly discovered information stealer named Kematian-Stealer, actively developed on GitHub and distributed as open-source software. The malware employs various techniques to collect sensitive data from compromised systems, evade detection, and maintain …

Downloadable IOCs 4

The report analyzes Kematian Stealer, a sophisticated PowerShell-based malware that exfiltrates sensitive data from infected systems. It is a forked version of PowerShell Token Grabber, with added capabilities like GUI builder, anti-analysis features, and stealing WiFi passwords, screenshots, and s…

Downloadable IOCs 0

Recent observations indicate a surge in JavaScript spreading StrelaStealer, a credential stealer specifically targeting Outlook and Thunderbird email credentials. While the infection chain resembles previous versions, additional checks have been implemented to avoid compromising systems in Russia. …

Downloadable IOCs 5

Researchers uncover a new malware variant called Iluria Stealer, created by the developer behind Nikki Stealer, utilizing the alias 'Ykg.' Iluria Stealer is designed to steal Discord tokens, browser credentials, and payment information. It employs techniques like obfuscation, process injection, and…

Downloadable IOCs 5

This analysis delves into three distinct stealers: Acrid, ScarletStealer, and Sys01. Acrid is a new stealer found in December, employing the 'Heaven's Gate' technique to bypass security controls. ScarletStealer downloads additional executables and Chrome extensions to facilitate data theft. Sys01, …

Downloadable IOCs 5

This report details the analysis of a malspam campaign utilizing the Matanbuchus loader, which involved decrypting strings within the malware through emulation techniques. The investigation pivoted to uncover a Russian bulletproof hosting service, Proton66 OOO, that currently hosts various maliciou…

Downloadable IOCs 76

This report details the operation of the zEus stealer malware, which is distributed through a crafted Minecraft source pack. The malware collects sensitive information from victims' systems, including login credentials, browser data, and cryptocurrency wallets. It employs anti-analysis techniques a…

Downloadable IOCs 23

HijackLoader, also known as IDAT Loader, is a modular malware loader capable of executing multiple payloads. It utilizes a variety of modules for code injection, execution, and evasion techniques. This report analyzes the updated version of HijackLoader, which includes new modules for bypassing Win…

Downloadable IOCs 11

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…

Downloadable IOCs 13

Crystal Rans0m is a newly discovered hybrid ransomware family developed in Rust, first observed in September 2023. It combines file encryption with data stealing capabilities, doubling its leverage over victims. The malware targets browser data, Discord tokens, Steam files, and Riot Games data. It …

Downloadable IOCs 5

Threat actors are using fake Google Meet web pages as part of the ClickFix campaign to deliver infostealers targeting Windows and macOS systems. The attackers display fake error messages in web browsers, tricking users into executing malicious PowerShell code. The campaign has expanded to impersona…

Downloadable IOCs 0

This intelligence report describes a technique employed by threat actors to compel victims into entering their credentials into a browser, thereby enabling the credentials to be stolen from the browser's credential store using traditional credential-stealing malware. The method involves launching t…

Downloadable IOCs 8

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Identified as a sophisticated dropper binary designed to deploy an information stealer dubbed BLX Stealer or XLABB Stealer, this malware has been actively promoted on Telegram and Discord platforms. It targets credentials, browser data, cryptocurrency wallets, and other sensitive personal informati…

Downloadable IOCs 5

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

In August 2024, eSentire's Threat Response Unit observed a sophisticated attack involving LummaC2 stealer malware and a malicious Google Chrome browser extension. The attack leveraged DLL side-loading to execute a loader delivering the malware and a PowerShell script that installed the extension. T…

Downloadable IOCs 7

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

This report analyzes Cthulhu Stealer, a malware-as-a-service targeting macOS users to steal credentials and cryptocurrency wallets. It explores the malware's functionality, including prompting users for passwords, dumping keychain data, and exfiltrating stolen information. The analysis compares Cth…

Downloadable IOCs 9

The Cyble Research and Intelligence Lab (CRIL) discovered a sophisticated phishing website mimicking Google Safety Centre, designed to trick users into downloading malware. The malware, compromising security and stealing sensitive information, drops two threats: Latrodectus, which maintains persist…

Downloadable IOCs 15

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…

Downloadable IOCs 2

This report analyzes the D3F@ck Loader, a malware-as-a-service (MaaS) offering orchestrated by an individual going by the alias Sergei Panteleevich. The loader utilizes various evasion techniques, including the use of Extended Validation certificates, Inno Setup installers with custom Pascal script…

Downloadable IOCs 4

An analysis reveals the distribution of malware through an MSI package, specifically SectopRat and Redline stealer. The malware employs techniques like executing malicious scripts, disabling security measures, and establishing persistence through scheduled tasks. It communicates with command-and-co…

Downloadable IOCs 11

In July 2024, eSentire's Threat Response Unit observed a phishing attack leading to a 0bj3ctivity Stealer malware infection. The attack involved a malicious JavaScript file that retrieved and executed Ande Loader and the 0bj3ctivity Stealer. Ande Loader created persistence, downloaded additional pa…

Downloadable IOCs 2

This comprehensive technical analysis delves into the intricate workings of an advanced and localized malware campaign employing the RHADAMANTHYS stealer. Dissecting the infection chain, anti-analysis techniques, data theft capabilities, and Command & Control infrastructure, this detailed report sh…

Downloadable IOCs 5

A recent cybersecurity investigation uncovered a malware distribution campaign called DeerStealer. The malware was disseminated through counterfeit Google Authenticator websites, tricking visitors into downloading the malicious payload hosted on GitHub. Upon execution, the stealer collects system i…

Downloadable IOCs 28

An unknown threat actor created a deceptive advertisement that appeared as if it was from a reputable company, enticing users to click on it and visit a malicious website. The site hosted a digitally signed malicious file disguised as a popular multi-factor authentication application. Upon executio…

Downloadable IOCs 5

CrowdStrike Intelligence uncovered a phishing campaign impersonating CrowdStrike and distributing malicious files containing a Microsoft Installer (MSI) loader. The loader executes the commodity stealer 'Lumma Stealer' packed with 'CypherIt'. This campaign is likely linked to a previous 'Lumma Stea…

Downloadable IOCs 32

An unidentified threat actor exploited the July 19, 2024 Falcon sensor content issue to distribute a Python-based information stealer named Connecio. The malware was delivered via a malicious ZIP file masquerading as a Falcon update. Connecio collects system information, browser data, and exfiltrat…

Downloadable IOCs 30

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…

Downloadable IOCs 6

This report details a malicious campaign exploiting the CVE-2024-21412 vulnerability in Microsoft Windows SmartScreen to bypass security warnings and deliver malware. Attackers employ crafted links, LNK files, and HTA scripts to download decoy PDFs and shell code injectors, ultimately injecting ste…

Downloadable IOCs 27

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…

Downloadable IOCs 14

A malvertising campaign lures Mac users into downloading a counterfeit Microsoft Teams installer containing Atomic Stealer, a data-stealing malware. The campaign uses advanced filtering techniques, compromised ad accounts, and decoy pages to deliver unique payloads that bypass security measures. Up…

Downloadable IOCs 6

Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…

Downloadable IOCs 12

This report provides an in-depth analysis of a newly discovered information stealer named Kematian-Stealer, actively developed on GitHub and distributed as open-source software. The malware employs various techniques to collect sensitive data from compromised systems, evade detection, and maintain …

Downloadable IOCs 4

The report analyzes Kematian Stealer, a sophisticated PowerShell-based malware that exfiltrates sensitive data from infected systems. It is a forked version of PowerShell Token Grabber, with added capabilities like GUI builder, anti-analysis features, and stealing WiFi passwords, screenshots, and s…

Downloadable IOCs 0

Recent observations indicate a surge in JavaScript spreading StrelaStealer, a credential stealer specifically targeting Outlook and Thunderbird email credentials. While the infection chain resembles previous versions, additional checks have been implemented to avoid compromising systems in Russia. …

Downloadable IOCs 5

Researchers uncover a new malware variant called Iluria Stealer, created by the developer behind Nikki Stealer, utilizing the alias 'Ykg.' Iluria Stealer is designed to steal Discord tokens, browser credentials, and payment information. It employs techniques like obfuscation, process injection, and…

Downloadable IOCs 5

This analysis delves into three distinct stealers: Acrid, ScarletStealer, and Sys01. Acrid is a new stealer found in December, employing the 'Heaven's Gate' technique to bypass security controls. ScarletStealer downloads additional executables and Chrome extensions to facilitate data theft. Sys01, …

Downloadable IOCs 5

This report details the analysis of a malspam campaign utilizing the Matanbuchus loader, which involved decrypting strings within the malware through emulation techniques. The investigation pivoted to uncover a Russian bulletproof hosting service, Proton66 OOO, that currently hosts various maliciou…

Downloadable IOCs 76

This report details the operation of the zEus stealer malware, which is distributed through a crafted Minecraft source pack. The malware collects sensitive information from victims' systems, including login credentials, browser data, and cryptocurrency wallets. It employs anti-analysis techniques a…

Downloadable IOCs 23

HijackLoader, also known as IDAT Loader, is a modular malware loader capable of executing multiple payloads. It utilizes a variety of modules for code injection, execution, and evasion techniques. This report analyzes the updated version of HijackLoader, which includes new modules for bypassing Win…

Downloadable IOCs 11

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…

Downloadable IOCs 13

Crystal Rans0m is a newly discovered hybrid ransomware family developed in Rust, first observed in September 2023. It combines file encryption with data stealing capabilities, doubling its leverage over victims. The malware targets browser data, Discord tokens, Steam files, and Riot Games data. It …

Downloadable IOCs 5

Threat actors are using fake Google Meet web pages as part of the ClickFix campaign to deliver infostealers targeting Windows and macOS systems. The attackers display fake error messages in web browsers, tricking users into executing malicious PowerShell code. The campaign has expanded to impersona…

Downloadable IOCs 0

This intelligence report describes a technique employed by threat actors to compel victims into entering their credentials into a browser, thereby enabling the credentials to be stolen from the browser's credential store using traditional credential-stealing malware. The method involves launching t…

Downloadable IOCs 8

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Identified as a sophisticated dropper binary designed to deploy an information stealer dubbed BLX Stealer or XLABB Stealer, this malware has been actively promoted on Telegram and Discord platforms. It targets credentials, browser data, cryptocurrency wallets, and other sensitive personal informati…

Downloadable IOCs 5

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

In August 2024, eSentire's Threat Response Unit observed a sophisticated attack involving LummaC2 stealer malware and a malicious Google Chrome browser extension. The attack leveraged DLL side-loading to execute a loader delivering the malware and a PowerShell script that installed the extension. T…

Downloadable IOCs 7

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

This report analyzes Cthulhu Stealer, a malware-as-a-service targeting macOS users to steal credentials and cryptocurrency wallets. It explores the malware's functionality, including prompting users for passwords, dumping keychain data, and exfiltrating stolen information. The analysis compares Cth…

Downloadable IOCs 9

The Cyble Research and Intelligence Lab (CRIL) discovered a sophisticated phishing website mimicking Google Safety Centre, designed to trick users into downloading malware. The malware, compromising security and stealing sensitive information, drops two threats: Latrodectus, which maintains persist…

Downloadable IOCs 15

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…

Downloadable IOCs 2

This report analyzes the D3F@ck Loader, a malware-as-a-service (MaaS) offering orchestrated by an individual going by the alias Sergei Panteleevich. The loader utilizes various evasion techniques, including the use of Extended Validation certificates, Inno Setup installers with custom Pascal script…

Downloadable IOCs 4

An analysis reveals the distribution of malware through an MSI package, specifically SectopRat and Redline stealer. The malware employs techniques like executing malicious scripts, disabling security measures, and establishing persistence through scheduled tasks. It communicates with command-and-co…

Downloadable IOCs 11

In July 2024, eSentire's Threat Response Unit observed a phishing attack leading to a 0bj3ctivity Stealer malware infection. The attack involved a malicious JavaScript file that retrieved and executed Ande Loader and the 0bj3ctivity Stealer. Ande Loader created persistence, downloaded additional pa…

Downloadable IOCs 2

This comprehensive technical analysis delves into the intricate workings of an advanced and localized malware campaign employing the RHADAMANTHYS stealer. Dissecting the infection chain, anti-analysis techniques, data theft capabilities, and Command & Control infrastructure, this detailed report sh…

Downloadable IOCs 5

A recent cybersecurity investigation uncovered a malware distribution campaign called DeerStealer. The malware was disseminated through counterfeit Google Authenticator websites, tricking visitors into downloading the malicious payload hosted on GitHub. Upon execution, the stealer collects system i…

Downloadable IOCs 28

An unknown threat actor created a deceptive advertisement that appeared as if it was from a reputable company, enticing users to click on it and visit a malicious website. The site hosted a digitally signed malicious file disguised as a popular multi-factor authentication application. Upon executio…

Downloadable IOCs 5

CrowdStrike Intelligence uncovered a phishing campaign impersonating CrowdStrike and distributing malicious files containing a Microsoft Installer (MSI) loader. The loader executes the commodity stealer 'Lumma Stealer' packed with 'CypherIt'. This campaign is likely linked to a previous 'Lumma Stea…

Downloadable IOCs 32

An unidentified threat actor exploited the July 19, 2024 Falcon sensor content issue to distribute a Python-based information stealer named Connecio. The malware was delivered via a malicious ZIP file masquerading as a Falcon update. Connecio collects system information, browser data, and exfiltrat…

Downloadable IOCs 30

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…

Downloadable IOCs 6

This report details a malicious campaign exploiting the CVE-2024-21412 vulnerability in Microsoft Windows SmartScreen to bypass security warnings and deliver malware. Attackers employ crafted links, LNK files, and HTA scripts to download decoy PDFs and shell code injectors, ultimately injecting ste…

Downloadable IOCs 27

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…

Downloadable IOCs 14

A malvertising campaign lures Mac users into downloading a counterfeit Microsoft Teams installer containing Atomic Stealer, a data-stealing malware. The campaign uses advanced filtering techniques, compromised ad accounts, and decoy pages to deliver unique payloads that bypass security measures. Up…

Downloadable IOCs 6

Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…

Downloadable IOCs 12

This report provides an in-depth analysis of a newly discovered information stealer named Kematian-Stealer, actively developed on GitHub and distributed as open-source software. The malware employs various techniques to collect sensitive data from compromised systems, evade detection, and maintain …

Downloadable IOCs 4

The report analyzes Kematian Stealer, a sophisticated PowerShell-based malware that exfiltrates sensitive data from infected systems. It is a forked version of PowerShell Token Grabber, with added capabilities like GUI builder, anti-analysis features, and stealing WiFi passwords, screenshots, and s…

Downloadable IOCs 0

Recent observations indicate a surge in JavaScript spreading StrelaStealer, a credential stealer specifically targeting Outlook and Thunderbird email credentials. While the infection chain resembles previous versions, additional checks have been implemented to avoid compromising systems in Russia. …

Downloadable IOCs 5

Researchers uncover a new malware variant called Iluria Stealer, created by the developer behind Nikki Stealer, utilizing the alias 'Ykg.' Iluria Stealer is designed to steal Discord tokens, browser credentials, and payment information. It employs techniques like obfuscation, process injection, and…

Downloadable IOCs 5

This analysis delves into three distinct stealers: Acrid, ScarletStealer, and Sys01. Acrid is a new stealer found in December, employing the 'Heaven's Gate' technique to bypass security controls. ScarletStealer downloads additional executables and Chrome extensions to facilitate data theft. Sys01, …

Downloadable IOCs 5

This report details the analysis of a malspam campaign utilizing the Matanbuchus loader, which involved decrypting strings within the malware through emulation techniques. The investigation pivoted to uncover a Russian bulletproof hosting service, Proton66 OOO, that currently hosts various maliciou…

Downloadable IOCs 76

This report details the operation of the zEus stealer malware, which is distributed through a crafted Minecraft source pack. The malware collects sensitive information from victims' systems, including login credentials, browser data, and cryptocurrency wallets. It employs anti-analysis techniques a…

Downloadable IOCs 23

HijackLoader, also known as IDAT Loader, is a modular malware loader capable of executing multiple payloads. It utilizes a variety of modules for code injection, execution, and evasion techniques. This report analyzes the updated version of HijackLoader, which includes new modules for bypassing Win…

Downloadable IOCs 11

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…

Downloadable IOCs 13

Crystal Rans0m is a newly discovered hybrid ransomware family developed in Rust, first observed in September 2023. It combines file encryption with data stealing capabilities, doubling its leverage over victims. The malware targets browser data, Discord tokens, Steam files, and Riot Games data. It …

Downloadable IOCs 5

Threat actors are using fake Google Meet web pages as part of the ClickFix campaign to deliver infostealers targeting Windows and macOS systems. The attackers display fake error messages in web browsers, tricking users into executing malicious PowerShell code. The campaign has expanded to impersona…

Downloadable IOCs 0

This intelligence report describes a technique employed by threat actors to compel victims into entering their credentials into a browser, thereby enabling the credentials to be stolen from the browser's credential store using traditional credential-stealing malware. The method involves launching t…

Downloadable IOCs 8

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Identified as a sophisticated dropper binary designed to deploy an information stealer dubbed BLX Stealer or XLABB Stealer, this malware has been actively promoted on Telegram and Discord platforms. It targets credentials, browser data, cryptocurrency wallets, and other sensitive personal informati…

Downloadable IOCs 5

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

In August 2024, eSentire's Threat Response Unit observed a sophisticated attack involving LummaC2 stealer malware and a malicious Google Chrome browser extension. The attack leveraged DLL side-loading to execute a loader delivering the malware and a PowerShell script that installed the extension. T…

Downloadable IOCs 7

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

This report analyzes Cthulhu Stealer, a malware-as-a-service targeting macOS users to steal credentials and cryptocurrency wallets. It explores the malware's functionality, including prompting users for passwords, dumping keychain data, and exfiltrating stolen information. The analysis compares Cth…

Downloadable IOCs 9

The Cyble Research and Intelligence Lab (CRIL) discovered a sophisticated phishing website mimicking Google Safety Centre, designed to trick users into downloading malware. The malware, compromising security and stealing sensitive information, drops two threats: Latrodectus, which maintains persist…

Downloadable IOCs 15

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…

Downloadable IOCs 2

This report analyzes the D3F@ck Loader, a malware-as-a-service (MaaS) offering orchestrated by an individual going by the alias Sergei Panteleevich. The loader utilizes various evasion techniques, including the use of Extended Validation certificates, Inno Setup installers with custom Pascal script…

Downloadable IOCs 4

An analysis reveals the distribution of malware through an MSI package, specifically SectopRat and Redline stealer. The malware employs techniques like executing malicious scripts, disabling security measures, and establishing persistence through scheduled tasks. It communicates with command-and-co…

Downloadable IOCs 11

In July 2024, eSentire's Threat Response Unit observed a phishing attack leading to a 0bj3ctivity Stealer malware infection. The attack involved a malicious JavaScript file that retrieved and executed Ande Loader and the 0bj3ctivity Stealer. Ande Loader created persistence, downloaded additional pa…

Downloadable IOCs 2

This comprehensive technical analysis delves into the intricate workings of an advanced and localized malware campaign employing the RHADAMANTHYS stealer. Dissecting the infection chain, anti-analysis techniques, data theft capabilities, and Command & Control infrastructure, this detailed report sh…

Downloadable IOCs 5

A recent cybersecurity investigation uncovered a malware distribution campaign called DeerStealer. The malware was disseminated through counterfeit Google Authenticator websites, tricking visitors into downloading the malicious payload hosted on GitHub. Upon execution, the stealer collects system i…

Downloadable IOCs 28

An unknown threat actor created a deceptive advertisement that appeared as if it was from a reputable company, enticing users to click on it and visit a malicious website. The site hosted a digitally signed malicious file disguised as a popular multi-factor authentication application. Upon executio…

Downloadable IOCs 5

CrowdStrike Intelligence uncovered a phishing campaign impersonating CrowdStrike and distributing malicious files containing a Microsoft Installer (MSI) loader. The loader executes the commodity stealer 'Lumma Stealer' packed with 'CypherIt'. This campaign is likely linked to a previous 'Lumma Stea…

Downloadable IOCs 32

An unidentified threat actor exploited the July 19, 2024 Falcon sensor content issue to distribute a Python-based information stealer named Connecio. The malware was delivered via a malicious ZIP file masquerading as a Falcon update. Connecio collects system information, browser data, and exfiltrat…

Downloadable IOCs 30

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…

Downloadable IOCs 6

This report details a malicious campaign exploiting the CVE-2024-21412 vulnerability in Microsoft Windows SmartScreen to bypass security warnings and deliver malware. Attackers employ crafted links, LNK files, and HTA scripts to download decoy PDFs and shell code injectors, ultimately injecting ste…

Downloadable IOCs 27

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…

Downloadable IOCs 14

A malvertising campaign lures Mac users into downloading a counterfeit Microsoft Teams installer containing Atomic Stealer, a data-stealing malware. The campaign uses advanced filtering techniques, compromised ad accounts, and decoy pages to deliver unique payloads that bypass security measures. Up…

Downloadable IOCs 6

Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…

Downloadable IOCs 12

This report provides an in-depth analysis of a newly discovered information stealer named Kematian-Stealer, actively developed on GitHub and distributed as open-source software. The malware employs various techniques to collect sensitive data from compromised systems, evade detection, and maintain …

Downloadable IOCs 4

The report analyzes Kematian Stealer, a sophisticated PowerShell-based malware that exfiltrates sensitive data from infected systems. It is a forked version of PowerShell Token Grabber, with added capabilities like GUI builder, anti-analysis features, and stealing WiFi passwords, screenshots, and s…

Downloadable IOCs 0

Recent observations indicate a surge in JavaScript spreading StrelaStealer, a credential stealer specifically targeting Outlook and Thunderbird email credentials. While the infection chain resembles previous versions, additional checks have been implemented to avoid compromising systems in Russia. …

Downloadable IOCs 5

Researchers uncover a new malware variant called Iluria Stealer, created by the developer behind Nikki Stealer, utilizing the alias 'Ykg.' Iluria Stealer is designed to steal Discord tokens, browser credentials, and payment information. It employs techniques like obfuscation, process injection, and…

Downloadable IOCs 5

This analysis delves into three distinct stealers: Acrid, ScarletStealer, and Sys01. Acrid is a new stealer found in December, employing the 'Heaven's Gate' technique to bypass security controls. ScarletStealer downloads additional executables and Chrome extensions to facilitate data theft. Sys01, …

Downloadable IOCs 5

This report details the analysis of a malspam campaign utilizing the Matanbuchus loader, which involved decrypting strings within the malware through emulation techniques. The investigation pivoted to uncover a Russian bulletproof hosting service, Proton66 OOO, that currently hosts various maliciou…

Downloadable IOCs 76

This report details the operation of the zEus stealer malware, which is distributed through a crafted Minecraft source pack. The malware collects sensitive information from victims' systems, including login credentials, browser data, and cryptocurrency wallets. It employs anti-analysis techniques a…

Downloadable IOCs 23

HijackLoader, also known as IDAT Loader, is a modular malware loader capable of executing multiple payloads. It utilizes a variety of modules for code injection, execution, and evasion techniques. This report analyzes the updated version of HijackLoader, which includes new modules for bypassing Win…

Downloadable IOCs 11

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…

Downloadable IOCs 13

Crystal Rans0m is a newly discovered hybrid ransomware family developed in Rust, first observed in September 2023. It combines file encryption with data stealing capabilities, doubling its leverage over victims. The malware targets browser data, Discord tokens, Steam files, and Riot Games data. It …

Downloadable IOCs 5

Threat actors are using fake Google Meet web pages as part of the ClickFix campaign to deliver infostealers targeting Windows and macOS systems. The attackers display fake error messages in web browsers, tricking users into executing malicious PowerShell code. The campaign has expanded to impersona…

Downloadable IOCs 0

This intelligence report describes a technique employed by threat actors to compel victims into entering their credentials into a browser, thereby enabling the credentials to be stolen from the browser's credential store using traditional credential-stealing malware. The method involves launching t…

Downloadable IOCs 8

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Identified as a sophisticated dropper binary designed to deploy an information stealer dubbed BLX Stealer or XLABB Stealer, this malware has been actively promoted on Telegram and Discord platforms. It targets credentials, browser data, cryptocurrency wallets, and other sensitive personal informati…

Downloadable IOCs 5

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

In August 2024, eSentire's Threat Response Unit observed a sophisticated attack involving LummaC2 stealer malware and a malicious Google Chrome browser extension. The attack leveraged DLL side-loading to execute a loader delivering the malware and a PowerShell script that installed the extension. T…

Downloadable IOCs 7

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

This report analyzes Cthulhu Stealer, a malware-as-a-service targeting macOS users to steal credentials and cryptocurrency wallets. It explores the malware's functionality, including prompting users for passwords, dumping keychain data, and exfiltrating stolen information. The analysis compares Cth…

Downloadable IOCs 9

The Cyble Research and Intelligence Lab (CRIL) discovered a sophisticated phishing website mimicking Google Safety Centre, designed to trick users into downloading malware. The malware, compromising security and stealing sensitive information, drops two threats: Latrodectus, which maintains persist…

Downloadable IOCs 15

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…

Downloadable IOCs 2

This report analyzes the D3F@ck Loader, a malware-as-a-service (MaaS) offering orchestrated by an individual going by the alias Sergei Panteleevich. The loader utilizes various evasion techniques, including the use of Extended Validation certificates, Inno Setup installers with custom Pascal script…

Downloadable IOCs 4

An analysis reveals the distribution of malware through an MSI package, specifically SectopRat and Redline stealer. The malware employs techniques like executing malicious scripts, disabling security measures, and establishing persistence through scheduled tasks. It communicates with command-and-co…

Downloadable IOCs 11

In July 2024, eSentire's Threat Response Unit observed a phishing attack leading to a 0bj3ctivity Stealer malware infection. The attack involved a malicious JavaScript file that retrieved and executed Ande Loader and the 0bj3ctivity Stealer. Ande Loader created persistence, downloaded additional pa…

Downloadable IOCs 2

This comprehensive technical analysis delves into the intricate workings of an advanced and localized malware campaign employing the RHADAMANTHYS stealer. Dissecting the infection chain, anti-analysis techniques, data theft capabilities, and Command & Control infrastructure, this detailed report sh…

Downloadable IOCs 5

A recent cybersecurity investigation uncovered a malware distribution campaign called DeerStealer. The malware was disseminated through counterfeit Google Authenticator websites, tricking visitors into downloading the malicious payload hosted on GitHub. Upon execution, the stealer collects system i…

Downloadable IOCs 28

An unknown threat actor created a deceptive advertisement that appeared as if it was from a reputable company, enticing users to click on it and visit a malicious website. The site hosted a digitally signed malicious file disguised as a popular multi-factor authentication application. Upon executio…

Downloadable IOCs 5

CrowdStrike Intelligence uncovered a phishing campaign impersonating CrowdStrike and distributing malicious files containing a Microsoft Installer (MSI) loader. The loader executes the commodity stealer 'Lumma Stealer' packed with 'CypherIt'. This campaign is likely linked to a previous 'Lumma Stea…

Downloadable IOCs 32

An unidentified threat actor exploited the July 19, 2024 Falcon sensor content issue to distribute a Python-based information stealer named Connecio. The malware was delivered via a malicious ZIP file masquerading as a Falcon update. Connecio collects system information, browser data, and exfiltrat…

Downloadable IOCs 30

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…

Downloadable IOCs 6

This report details a malicious campaign exploiting the CVE-2024-21412 vulnerability in Microsoft Windows SmartScreen to bypass security warnings and deliver malware. Attackers employ crafted links, LNK files, and HTA scripts to download decoy PDFs and shell code injectors, ultimately injecting ste…

Downloadable IOCs 27

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…

Downloadable IOCs 14

A malvertising campaign lures Mac users into downloading a counterfeit Microsoft Teams installer containing Atomic Stealer, a data-stealing malware. The campaign uses advanced filtering techniques, compromised ad accounts, and decoy pages to deliver unique payloads that bypass security measures. Up…

Downloadable IOCs 6

Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…

Downloadable IOCs 12

This report provides an in-depth analysis of a newly discovered information stealer named Kematian-Stealer, actively developed on GitHub and distributed as open-source software. The malware employs various techniques to collect sensitive data from compromised systems, evade detection, and maintain …

Downloadable IOCs 4

The report analyzes Kematian Stealer, a sophisticated PowerShell-based malware that exfiltrates sensitive data from infected systems. It is a forked version of PowerShell Token Grabber, with added capabilities like GUI builder, anti-analysis features, and stealing WiFi passwords, screenshots, and s…

Downloadable IOCs 0

Recent observations indicate a surge in JavaScript spreading StrelaStealer, a credential stealer specifically targeting Outlook and Thunderbird email credentials. While the infection chain resembles previous versions, additional checks have been implemented to avoid compromising systems in Russia. …

Downloadable IOCs 5

Researchers uncover a new malware variant called Iluria Stealer, created by the developer behind Nikki Stealer, utilizing the alias 'Ykg.' Iluria Stealer is designed to steal Discord tokens, browser credentials, and payment information. It employs techniques like obfuscation, process injection, and…

Downloadable IOCs 5

This analysis delves into three distinct stealers: Acrid, ScarletStealer, and Sys01. Acrid is a new stealer found in December, employing the 'Heaven's Gate' technique to bypass security controls. ScarletStealer downloads additional executables and Chrome extensions to facilitate data theft. Sys01, …

Downloadable IOCs 5

This report details the analysis of a malspam campaign utilizing the Matanbuchus loader, which involved decrypting strings within the malware through emulation techniques. The investigation pivoted to uncover a Russian bulletproof hosting service, Proton66 OOO, that currently hosts various maliciou…

Downloadable IOCs 76

This report details the operation of the zEus stealer malware, which is distributed through a crafted Minecraft source pack. The malware collects sensitive information from victims' systems, including login credentials, browser data, and cryptocurrency wallets. It employs anti-analysis techniques a…

Downloadable IOCs 23

HijackLoader, also known as IDAT Loader, is a modular malware loader capable of executing multiple payloads. It utilizes a variety of modules for code injection, execution, and evasion techniques. This report analyzes the updated version of HijackLoader, which includes new modules for bypassing Win…

Downloadable IOCs 11

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…

Downloadable IOCs 13

Crystal Rans0m is a newly discovered hybrid ransomware family developed in Rust, first observed in September 2023. It combines file encryption with data stealing capabilities, doubling its leverage over victims. The malware targets browser data, Discord tokens, Steam files, and Riot Games data. It …

Downloadable IOCs 5

Threat actors are using fake Google Meet web pages as part of the ClickFix campaign to deliver infostealers targeting Windows and macOS systems. The attackers display fake error messages in web browsers, tricking users into executing malicious PowerShell code. The campaign has expanded to impersona…

Downloadable IOCs 0

This intelligence report describes a technique employed by threat actors to compel victims into entering their credentials into a browser, thereby enabling the credentials to be stolen from the browser's credential store using traditional credential-stealing malware. The method involves launching t…

Downloadable IOCs 8

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Identified as a sophisticated dropper binary designed to deploy an information stealer dubbed BLX Stealer or XLABB Stealer, this malware has been actively promoted on Telegram and Discord platforms. It targets credentials, browser data, cryptocurrency wallets, and other sensitive personal informati…

Downloadable IOCs 5

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

In August 2024, eSentire's Threat Response Unit observed a sophisticated attack involving LummaC2 stealer malware and a malicious Google Chrome browser extension. The attack leveraged DLL side-loading to execute a loader delivering the malware and a PowerShell script that installed the extension. T…

Downloadable IOCs 7

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

This report analyzes Cthulhu Stealer, a malware-as-a-service targeting macOS users to steal credentials and cryptocurrency wallets. It explores the malware's functionality, including prompting users for passwords, dumping keychain data, and exfiltrating stolen information. The analysis compares Cth…

Downloadable IOCs 9

The Cyble Research and Intelligence Lab (CRIL) discovered a sophisticated phishing website mimicking Google Safety Centre, designed to trick users into downloading malware. The malware, compromising security and stealing sensitive information, drops two threats: Latrodectus, which maintains persist…

Downloadable IOCs 15

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…

Downloadable IOCs 2

This report analyzes the D3F@ck Loader, a malware-as-a-service (MaaS) offering orchestrated by an individual going by the alias Sergei Panteleevich. The loader utilizes various evasion techniques, including the use of Extended Validation certificates, Inno Setup installers with custom Pascal script…

Downloadable IOCs 4

An analysis reveals the distribution of malware through an MSI package, specifically SectopRat and Redline stealer. The malware employs techniques like executing malicious scripts, disabling security measures, and establishing persistence through scheduled tasks. It communicates with command-and-co…

Downloadable IOCs 11

In July 2024, eSentire's Threat Response Unit observed a phishing attack leading to a 0bj3ctivity Stealer malware infection. The attack involved a malicious JavaScript file that retrieved and executed Ande Loader and the 0bj3ctivity Stealer. Ande Loader created persistence, downloaded additional pa…

Downloadable IOCs 2

This comprehensive technical analysis delves into the intricate workings of an advanced and localized malware campaign employing the RHADAMANTHYS stealer. Dissecting the infection chain, anti-analysis techniques, data theft capabilities, and Command & Control infrastructure, this detailed report sh…

Downloadable IOCs 5

A recent cybersecurity investigation uncovered a malware distribution campaign called DeerStealer. The malware was disseminated through counterfeit Google Authenticator websites, tricking visitors into downloading the malicious payload hosted on GitHub. Upon execution, the stealer collects system i…

Downloadable IOCs 28

An unknown threat actor created a deceptive advertisement that appeared as if it was from a reputable company, enticing users to click on it and visit a malicious website. The site hosted a digitally signed malicious file disguised as a popular multi-factor authentication application. Upon executio…

Downloadable IOCs 5

CrowdStrike Intelligence uncovered a phishing campaign impersonating CrowdStrike and distributing malicious files containing a Microsoft Installer (MSI) loader. The loader executes the commodity stealer 'Lumma Stealer' packed with 'CypherIt'. This campaign is likely linked to a previous 'Lumma Stea…

Downloadable IOCs 32

An unidentified threat actor exploited the July 19, 2024 Falcon sensor content issue to distribute a Python-based information stealer named Connecio. The malware was delivered via a malicious ZIP file masquerading as a Falcon update. Connecio collects system information, browser data, and exfiltrat…

Downloadable IOCs 30

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…

Downloadable IOCs 6

This report details a malicious campaign exploiting the CVE-2024-21412 vulnerability in Microsoft Windows SmartScreen to bypass security warnings and deliver malware. Attackers employ crafted links, LNK files, and HTA scripts to download decoy PDFs and shell code injectors, ultimately injecting ste…

Downloadable IOCs 27

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…

Downloadable IOCs 14

A malvertising campaign lures Mac users into downloading a counterfeit Microsoft Teams installer containing Atomic Stealer, a data-stealing malware. The campaign uses advanced filtering techniques, compromised ad accounts, and decoy pages to deliver unique payloads that bypass security measures. Up…

Downloadable IOCs 6

Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…

Downloadable IOCs 12

This report provides an in-depth analysis of a newly discovered information stealer named Kematian-Stealer, actively developed on GitHub and distributed as open-source software. The malware employs various techniques to collect sensitive data from compromised systems, evade detection, and maintain …

Downloadable IOCs 4

The report analyzes Kematian Stealer, a sophisticated PowerShell-based malware that exfiltrates sensitive data from infected systems. It is a forked version of PowerShell Token Grabber, with added capabilities like GUI builder, anti-analysis features, and stealing WiFi passwords, screenshots, and s…

Downloadable IOCs 0

Recent observations indicate a surge in JavaScript spreading StrelaStealer, a credential stealer specifically targeting Outlook and Thunderbird email credentials. While the infection chain resembles previous versions, additional checks have been implemented to avoid compromising systems in Russia. …

Downloadable IOCs 5

Researchers uncover a new malware variant called Iluria Stealer, created by the developer behind Nikki Stealer, utilizing the alias 'Ykg.' Iluria Stealer is designed to steal Discord tokens, browser credentials, and payment information. It employs techniques like obfuscation, process injection, and…

Downloadable IOCs 5

This analysis delves into three distinct stealers: Acrid, ScarletStealer, and Sys01. Acrid is a new stealer found in December, employing the 'Heaven's Gate' technique to bypass security controls. ScarletStealer downloads additional executables and Chrome extensions to facilitate data theft. Sys01, …

Downloadable IOCs 5

This report details the analysis of a malspam campaign utilizing the Matanbuchus loader, which involved decrypting strings within the malware through emulation techniques. The investigation pivoted to uncover a Russian bulletproof hosting service, Proton66 OOO, that currently hosts various maliciou…

Downloadable IOCs 76

This report details the operation of the zEus stealer malware, which is distributed through a crafted Minecraft source pack. The malware collects sensitive information from victims' systems, including login credentials, browser data, and cryptocurrency wallets. It employs anti-analysis techniques a…

Downloadable IOCs 23

HijackLoader, also known as IDAT Loader, is a modular malware loader capable of executing multiple payloads. It utilizes a variety of modules for code injection, execution, and evasion techniques. This report analyzes the updated version of HijackLoader, which includes new modules for bypassing Win…

Downloadable IOCs 11

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…

Downloadable IOCs 13

Crystal Rans0m is a newly discovered hybrid ransomware family developed in Rust, first observed in September 2023. It combines file encryption with data stealing capabilities, doubling its leverage over victims. The malware targets browser data, Discord tokens, Steam files, and Riot Games data. It …

Downloadable IOCs 5

Threat actors are using fake Google Meet web pages as part of the ClickFix campaign to deliver infostealers targeting Windows and macOS systems. The attackers display fake error messages in web browsers, tricking users into executing malicious PowerShell code. The campaign has expanded to impersona…

Downloadable IOCs 0

This intelligence report describes a technique employed by threat actors to compel victims into entering their credentials into a browser, thereby enabling the credentials to be stolen from the browser's credential store using traditional credential-stealing malware. The method involves launching t…

Downloadable IOCs 8

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Identified as a sophisticated dropper binary designed to deploy an information stealer dubbed BLX Stealer or XLABB Stealer, this malware has been actively promoted on Telegram and Discord platforms. It targets credentials, browser data, cryptocurrency wallets, and other sensitive personal informati…

Downloadable IOCs 5

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

In August 2024, eSentire's Threat Response Unit observed a sophisticated attack involving LummaC2 stealer malware and a malicious Google Chrome browser extension. The attack leveraged DLL side-loading to execute a loader delivering the malware and a PowerShell script that installed the extension. T…

Downloadable IOCs 7

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

This report analyzes Cthulhu Stealer, a malware-as-a-service targeting macOS users to steal credentials and cryptocurrency wallets. It explores the malware's functionality, including prompting users for passwords, dumping keychain data, and exfiltrating stolen information. The analysis compares Cth…

Downloadable IOCs 9

The Cyble Research and Intelligence Lab (CRIL) discovered a sophisticated phishing website mimicking Google Safety Centre, designed to trick users into downloading malware. The malware, compromising security and stealing sensitive information, drops two threats: Latrodectus, which maintains persist…

Downloadable IOCs 15

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…

Downloadable IOCs 2

This report analyzes the D3F@ck Loader, a malware-as-a-service (MaaS) offering orchestrated by an individual going by the alias Sergei Panteleevich. The loader utilizes various evasion techniques, including the use of Extended Validation certificates, Inno Setup installers with custom Pascal script…

Downloadable IOCs 4

An analysis reveals the distribution of malware through an MSI package, specifically SectopRat and Redline stealer. The malware employs techniques like executing malicious scripts, disabling security measures, and establishing persistence through scheduled tasks. It communicates with command-and-co…

Downloadable IOCs 11

In July 2024, eSentire's Threat Response Unit observed a phishing attack leading to a 0bj3ctivity Stealer malware infection. The attack involved a malicious JavaScript file that retrieved and executed Ande Loader and the 0bj3ctivity Stealer. Ande Loader created persistence, downloaded additional pa…

Downloadable IOCs 2

This comprehensive technical analysis delves into the intricate workings of an advanced and localized malware campaign employing the RHADAMANTHYS stealer. Dissecting the infection chain, anti-analysis techniques, data theft capabilities, and Command & Control infrastructure, this detailed report sh…

Downloadable IOCs 5

A recent cybersecurity investigation uncovered a malware distribution campaign called DeerStealer. The malware was disseminated through counterfeit Google Authenticator websites, tricking visitors into downloading the malicious payload hosted on GitHub. Upon execution, the stealer collects system i…

Downloadable IOCs 28

An unknown threat actor created a deceptive advertisement that appeared as if it was from a reputable company, enticing users to click on it and visit a malicious website. The site hosted a digitally signed malicious file disguised as a popular multi-factor authentication application. Upon executio…

Downloadable IOCs 5

CrowdStrike Intelligence uncovered a phishing campaign impersonating CrowdStrike and distributing malicious files containing a Microsoft Installer (MSI) loader. The loader executes the commodity stealer 'Lumma Stealer' packed with 'CypherIt'. This campaign is likely linked to a previous 'Lumma Stea…

Downloadable IOCs 32

An unidentified threat actor exploited the July 19, 2024 Falcon sensor content issue to distribute a Python-based information stealer named Connecio. The malware was delivered via a malicious ZIP file masquerading as a Falcon update. Connecio collects system information, browser data, and exfiltrat…

Downloadable IOCs 30

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…

Downloadable IOCs 6

This report details a malicious campaign exploiting the CVE-2024-21412 vulnerability in Microsoft Windows SmartScreen to bypass security warnings and deliver malware. Attackers employ crafted links, LNK files, and HTA scripts to download decoy PDFs and shell code injectors, ultimately injecting ste…

Downloadable IOCs 27

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…

Downloadable IOCs 14

A malvertising campaign lures Mac users into downloading a counterfeit Microsoft Teams installer containing Atomic Stealer, a data-stealing malware. The campaign uses advanced filtering techniques, compromised ad accounts, and decoy pages to deliver unique payloads that bypass security measures. Up…

Downloadable IOCs 6

Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…

Downloadable IOCs 12

This report provides an in-depth analysis of a newly discovered information stealer named Kematian-Stealer, actively developed on GitHub and distributed as open-source software. The malware employs various techniques to collect sensitive data from compromised systems, evade detection, and maintain …

Downloadable IOCs 4

The report analyzes Kematian Stealer, a sophisticated PowerShell-based malware that exfiltrates sensitive data from infected systems. It is a forked version of PowerShell Token Grabber, with added capabilities like GUI builder, anti-analysis features, and stealing WiFi passwords, screenshots, and s…

Downloadable IOCs 0

Recent observations indicate a surge in JavaScript spreading StrelaStealer, a credential stealer specifically targeting Outlook and Thunderbird email credentials. While the infection chain resembles previous versions, additional checks have been implemented to avoid compromising systems in Russia. …

Downloadable IOCs 5

Researchers uncover a new malware variant called Iluria Stealer, created by the developer behind Nikki Stealer, utilizing the alias 'Ykg.' Iluria Stealer is designed to steal Discord tokens, browser credentials, and payment information. It employs techniques like obfuscation, process injection, and…

Downloadable IOCs 5

This analysis delves into three distinct stealers: Acrid, ScarletStealer, and Sys01. Acrid is a new stealer found in December, employing the 'Heaven's Gate' technique to bypass security controls. ScarletStealer downloads additional executables and Chrome extensions to facilitate data theft. Sys01, …

Downloadable IOCs 5

This report details the analysis of a malspam campaign utilizing the Matanbuchus loader, which involved decrypting strings within the malware through emulation techniques. The investigation pivoted to uncover a Russian bulletproof hosting service, Proton66 OOO, that currently hosts various maliciou…

Downloadable IOCs 76

This report details the operation of the zEus stealer malware, which is distributed through a crafted Minecraft source pack. The malware collects sensitive information from victims' systems, including login credentials, browser data, and cryptocurrency wallets. It employs anti-analysis techniques a…

Downloadable IOCs 23

HijackLoader, also known as IDAT Loader, is a modular malware loader capable of executing multiple payloads. It utilizes a variety of modules for code injection, execution, and evasion techniques. This report analyzes the updated version of HijackLoader, which includes new modules for bypassing Win…

Downloadable IOCs 11

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…

Downloadable IOCs 13

Crystal Rans0m is a newly discovered hybrid ransomware family developed in Rust, first observed in September 2023. It combines file encryption with data stealing capabilities, doubling its leverage over victims. The malware targets browser data, Discord tokens, Steam files, and Riot Games data. It …

Downloadable IOCs 5

Threat actors are using fake Google Meet web pages as part of the ClickFix campaign to deliver infostealers targeting Windows and macOS systems. The attackers display fake error messages in web browsers, tricking users into executing malicious PowerShell code. The campaign has expanded to impersona…

Downloadable IOCs 0

This intelligence report describes a technique employed by threat actors to compel victims into entering their credentials into a browser, thereby enabling the credentials to be stolen from the browser's credential store using traditional credential-stealing malware. The method involves launching t…

Downloadable IOCs 8

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Identified as a sophisticated dropper binary designed to deploy an information stealer dubbed BLX Stealer or XLABB Stealer, this malware has been actively promoted on Telegram and Discord platforms. It targets credentials, browser data, cryptocurrency wallets, and other sensitive personal informati…

Downloadable IOCs 5

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

In August 2024, eSentire's Threat Response Unit observed a sophisticated attack involving LummaC2 stealer malware and a malicious Google Chrome browser extension. The attack leveraged DLL side-loading to execute a loader delivering the malware and a PowerShell script that installed the extension. T…

Downloadable IOCs 7