A new malware campaign has been observed concentrating on Italy with phishing emails built to deploy an facts stealer on compromised Windows methods.
“The data-stealer malware steals sensitive information like technique information, crypto wallet and browser histories, cookies, and credentials of crypto wallets from target devices,” Uptycs security researcher Karthickkumar Kathiresan stated in a report.
Details of the marketing campaign had been initial disclosed by Milan-based IT services company SI.net very last thirty day period.
The multi-stage infection sequence commences with an bill-themed phishing email that contains a link that, when clicked, downloads a password-secured ZIP archive file, which harbors two information: A shortcut (.LNK) file and a batch (.BAT) file.
Irrespective of which file is launched, the attack chain stays the similar, as opening the shortcut file fetches the identical batch script created to put in the facts stealer payload from a GitHub repository. This is achieved by leveraging a genuine PowerShell binary that’s also retrieved from GitHub.
Once put in, the C#-based mostly malware gathers process metadata, and information and facts from dozens of web browsers (e.g., cookies, bookmarks, credit cards, downloads, and credentials), as nicely as various cryptocurrency wallets, all of which is transmitted to an actor-controlled domain.
To mitigate this kind of attacks, companies are advised to apply “tight security controls and multi-layered visibility and security options to identify and detect malware.”
Uncovered this article interesting? Follow us on Twitter and LinkedIn to examine extra unique material we post.
Some pieces of this report are sourced from: