Life on a crooked RedLine: Analyzing the infamous infostealer’s backend
Following the takedown of RedLine Stealer by international authorities, ESET researchers are publicly releasing their research into the infostealer’s backend modules.
From Perfctl to InfoStealer
From Perfctl to InfoStealer, Author: Xavier Mertens
Beyond the wail: deconstructing the BANSHEE infostealer
The BANSHEE malware is a macOS-based infostealer that targets system information, browser data, and cryptocurrency wallets.
LummaC2 Malware Abusing the Game Platform 'Steam' - ASEC BLOG
LummaC2 is an Infostealer that is being actively distributed, disguised as illegal programs (e.g. cracks, keygens, and game hacking programs) available from distribution websites, YouTube, and LinkedIn using the SEO poisoning technique. Recently, it has also been distributed via search engine ads, posing as web pages of Notion, Slack, Capcut, etc. Reference: Distribution of MSIX Malware Disguised as Notion Installer
Iraq-based cybercriminals deploy malicious Python packages to steal data
An information-stealing script embedded in a Python package on the popular repository PyPI appears to be connected to a cybercriminal operation based in Iraq, according to researchers at Checkmarx.
Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers
Discover how Recorded Future uses infostealer logs to identify CSAM consumers and trends. Learn key findings and mitigation strategies.
Telegram Combolists and 361M Email Addresses
Last week, a security researcher sent me 122GB of data scraped out of thousands of Telegram channels. It contained 1.7k files with 2B lines and 361M unique email addresses of which 151M had never been seen in HIBP before. Alongside those addresses were passwords and, in many cases, the website the data pertains to. I've loaded it into Have I Been Pwned (HIBP) today because there's a huge amount of previously unseen email addresses and based on all the checks I've done, it's legitimate data. That's the high-level overview, now here are the details:
Dissecting Saintstealer
Cyble Analyzes Saintstealer, an infostealer using a C&C server with known links to other popular infostealers.
An Infostealer's Brewin': Cuckoo & AtomicStealer Get Creative
Recent infostealer malware campaign utilizing fake Homebrew websites to deliver Cuckoo and AtomicStealer.
Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware
Kandji's threat research team has discovered a piece of malware that combines aspects of an infostealer and spyware. Here's how it works.
Dissecting Saintstealer
Cyble Analyzes Saintstealer, an infostealer using a C&C server with known links to other popular infostealers.
Infostealers continue to pose threat to macOS users
Jamf Threat Labs dissects ongoing infostealer attacks targeting macOS users. Each with different means of compromising victim’s Macs but with similar aims: to steal sensitive user data.
Dissecting Saintstealer
Cyble Analyzes Saintstealer, an infostealer using a C&C server with known links to other popular infostealers.
Dissecting Saintstealer
Cyble Analyzes Saintstealer, an infostealer using a C&C server with known links to other popular infostealers.
Dissecting Saintstealer
Cyble Analyzes Saintstealer, an infostealer using a C&C server with known links to other popular infostealers.
Vidar Infostealer Steals Booking.com Credentials in Fraud Scam
Learn how a threat actor used spearphishing emails and social engineering tactics to obtain a hotel’s credentials and solicit customers’ payment information.
Dissecting Saintstealer
Cyble Analyzes Saintstealer, an infostealer using a C&C server with known links to other popular infostealers.
Malvertiser copies PC news site to deliver infostealer
Users looking to download a popular PC utility may be tricked in this campaign where a threat actor has registered a website that copies content from a PC and Windows news portal.
Predator AI | ChatGPT-Powered Infostealer Takes Aim at Cloud Platforms
An emerging infostealer being sold on Telegram looks to harness generative AI to streamline cyber attacks on cloud services.
macOS MetaStealer | New Family of Obfuscated Go Infostealers Spread in Targeted Attacks
The rise of macOS infostealers continues with the latest entrant aiming to compromise business environments with targeted social engineering lures.
Users of cybercrime forums often fall victim to info-stealers, researchers find
After analyzing millions of computers infected with info-stealing malware, researchers at Hudson Rock said they identified 120,000 that contained credentials used for logging into cybercrime forums.
Prominent Threat Actor Accidentally Infects Own Computer with Info-Stealer
Threat actor “La_Citrix” is known for hacking companies — he accidentally infected his own computer and likely ended up selling it without noticing.
Karma Catches Up to Global Phishing Service 16Shop
You've probably never heard of "16Shop," but there's a good chance someone using it has tried to phish you. Last week, the international police organization INTERPOL said it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017…
Raccoon Stealer Announce Return After Hiatus
Raccoon Stealer, the InfoStealer that has been used to obtain 50M+ unique credentials is back with new features and updates.
Apple Crimeware | Massive Rust Infostealer Campaign Aiming for macOS Sonoma Ahead of Public Release
Crimeware actors have launched an extensive campaign to target macOS users with malware disguised in multiple fake blockchain games.
Dissecting Saintstealer
Cyble Analyzes Saintstealer, an infostealer using a C&C server with known links to other popular infostealers.
Analysis of new active malware: MediaArena – PUA
Analysis of new active malware: MediaArena – PUA
Atomic Stealer | Threat Actor Spawns Second Variant of macOS Malware Sold on Telegram
A macOS infostealer being sold on Telegram, Atomic Stealer has a second variant that appears primed to target users directly on YouTube.
Creal: New Stealer Targeting Cryptocurrency Users Via Phishing Sites
Open-Source Stealer Widely Abused by Threat Actors The threat of InfoStealers is widespread and has been frequently employed by various Threat Actors (TA)s to launch attacks and make financial gains. Until now, the primary use of stealers by TAs has been to sell logs or to gain initial entry into a corporate network.
Darth Vidar: The Dark Side of Evolving Threat Infrastructure
Summary Three key takeaways from our analysis of Vidar infrastructure: Russian VPN gateways are potentially providing anonymity for Vidar operators / customers, making it more challenging for analysts to have a complete overview of this threat. These gateways now appear to be migrating to Tor. Vidar operators appear to be expanding their infrastructure, so analysts need to keep them in their sights. We expect a new wave of customers and as a result, an increase of campaigns in the upcoming weeks