Found 2 bookmarks
Custom sorting
HijackLoader evolution: abusing genuine signing certificates
HijackLoader evolution: abusing genuine signing certificates
Since mid-September 2024, our telemetry has revealed a significant increase in “Lumma Stealer”1 malware deployments via the “HijackLoader”2 malicious loader. On October 2, 2024, HarfangLab EDR detected and blocked yet another HijackLoader deployment attempt – except this time, the malware sample was properly signed with a genuine code-signing certificate. In response, we initiated a hunt for code-signing certificates (ab)used to sign malware samples. We identified and reported more of such certificates. This report briefly presents the associated stealer threat, outlines the methodology for hunting these certificates, and providees indicators of compromise.
#harfanglab#EN#2024#HijackLoader#captcha#fake#malicious#loader#campaign
·harfanglab.io·
HijackLoader evolution: abusing genuine signing certificates
Behind the CAPTCHA: A Clever Gateway of Malware
Behind the CAPTCHA: A Clever Gateway of Malware
McAfee Labs recently observed an infection chain where fake CAPTCHA pages are being leveraged to distribute malware, specifically Lumma Stealer. We are observing a campaign targeting multiple countries. Below is a map showing the geolocation of devices accessing fake CAPTCHA URLs, highlighting the global distribution of the attack.
#mcafee#EN#2024#CAPTCHA#Gateway#Malware#LummaStealer#campaign#fake
·mcafee.com·
Behind the CAPTCHA: A Clever Gateway of Malware