RedLine is a stealer distributed as cracked games, applications, and services.
The malware steals information from web browsers, cryptocurrency wallets, and applications such as FileZilla, Discord, Steam, Telegram, and VPN clients. The binary also gathers data about the infected machine, such as the running processes, antivirus products, installed programs, the Windows product name, the processor architecture, etc.…
The popularity of Cryptocurrency has increased exponentially over the recent years as dealing with crypto has become relatively hassle-free and more accessible. The financial returns of crypto investments have attracted many investors to invest in crypto markets.
As the demand for crypto investment has increased over the years, we can also see a corresponding rise in the number of crypto wallets.…
During a routine threat-hunting exercise, Cyble Research Labs discovered an unknown Rust-based stealer, which we have dubbed “Luca Stealer.” The source code of this stealer was leaked on a popular cybercrime forum for free on July 3, 2022. We have already witnessed over 25 samples based on this source code present in the wild.…
During our routine Threat-Hunting exercise, Cyble Research Labs came across a new stealer named “PennyWise” shared by a researcher. The stealer appears to have been developed recently. Though this stealer is fresh, the Threat Actor(s) (TA) has already rolled an updated version, 1.3.4.
Our investigation indicates that the stealer is an emerging threat, and we have witnessed multiple samples of this stealer active in the wild.…
Raccoon Stealer was one of the most prolific information stealers in 2021, being used by multiple cybercriminal actors. Due to its wide stealing capabilities, the customizability of the malware and its ease of use, Raccoon Stealer was highly popular among threat actors. The malware was mainly distributed using fake installers, or as cracked versions of popular software.…
CERT-UA broke news on June 10, 2022 that various media outlets in Ukraine were targeted with emails containing a malicious document “СПИСОК_посилань_на_інтерактивні_карти.docx” (translated to English as “LIST_of_links_interactive_maps.docx”). According to the report, the document leverages a then zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT), CVE-2022-30190 (Follina).…
This blog post was authored by Jérôme Segura
We have seen and heard less buzz about ‘Magecart’ during the past several months. While some marketing playbooks continue to rehash the same breaches of yesteryear, we have been wondering if some changes took place in the threat landscape.…
Zero-day exploits or recently patched/unpatched vulnerabilities are attractive targets for Threat Actors (TAs) to deploy malware efficiently. TAs leverages these vulnerabilities and exploits them to deliver the various types of malware to steal sensitive information for financial gain.
On June 11th, 2022, Microsoft tweeted a post where they mentioned that CVE-2022-26134 was being exploited to download and deploy the Cerber2021 ransomware (also known as “CerberImposter”).…
During our routine threat hunting exercise, Cyble Research Labs came across a Twitter Post wherein the researcher mentioned an Android malware variant published on the Play Store. The variant in question acts as a Hostile Downloader and downloads the Hydra Banking Trojan.
The downloaded app has the same functionality as recently encountered Hydra variants targeting Columbia.…
During the course of our work at Confiant, we see malicious activity on a daily basis. What matters the most for us is the ability to:
Protect our existing customers. Share unique threat intelligence. Keep finding unique vantage points for better detection.…Introduction
On May 31, a critical unpatched vulnerability, which affects all confluence server and data center supported versions was reported to Atlassian by Volexity, a security company.
Atlassian warned their customers of the critical vulnerability on June 2 and issued a patch a day later. CISA added this vulnerability to their list of Known Exploited Vulnerabilities on June 3.…
Users who download cracked software risk sensitive personal data being stolen by hackers.
Are you interested in downloading free, cracked software? If so, you should know what you’re getting into.
When you accidentally download malicious cracked software, attackers can take everything you have on your PC, and you’ll end up without your sensitive personal data and even without the software that you were trying to download in the first place.…
Broadcom Software, has uncovered a cyber-criminal operation that has potentially made the actors behind it at least $1.7 million in illicit gains from cryptocurrency mining and theft via clipboard hijacking.
The malware being used, tracked by Symantec as Trojan.Clipminer, has a number of similarities to another crypto-mining Trojan called KryptoCibule, suggesting it may be a copycat or evolution of that threat.…
Summary
Update June 2, 2022:
This Cybersecurity Advisory (CSA) has been updated with additional indicators of compromise (IOCs) and detection signatures, as well as tactics, techniques, and procedures (TTPs) from trusted third parties.
Update End
The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this CSA to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination.…
RedLine Stealer is a malware that emerged in 2020, discovered in underground forums being sold in different plans, starting from $100 per month. The malware offers many capabilities for device reconnaissance, remote control, and information stealing, including:
Data from browsers (e.g. login, passwords, credit cards, cookies, etc.);…Update May 11th: Following the publication of this blog post, a penetration testing company called “Code White” took responsibility for this dependency confusion attack
The JFrog Security research team constantly monitors the npm and PyPI ecosystems for malicious packages that may lead to widespread software supply chain attacks.…
Authored by Vallabh Chole and Oliver Devane
Scammers are very quick at reacting to current events, so they can generate ill-gotten gains. It comes as no surprise that they exploited the current events in Ukraine, and when the Ukrainian Twitter account tweeted Bitcoin and Ethereum wallet addresses for donations we knew that scammers would use this as a lure for their victims.…
Hacking forums often double up as underground marketplaces where cybercriminals buy, rent, and sell all kinds of malicious illegal products, including software, trojans, stealers, exploits, and leaked credentials. Malware-as-a-service has contributed substantially to the growth of ransomware and phishing attacks (among other attack types) in the past year, as they lower the technical barrier to entry for criminals to carry out attacks.…
The Morphisec Labs team has conducted research on the new Mars infostealer. Mars is based on the older Oski Stealer and was first discovered in June 2021. The new Mars is available for sale on several underground forums and is reported to be under constant development.…