Marko Polo Infostealer Campaigns Target Thousands Across Platforms

 

The cybercriminal group “Marko Polo” is behind a major malware operation, running 30 infostealer campaigns targeting a wide array of victims. Using techniques such as spear-phishing, malvertising, and brand impersonation, the group spreads over 50 malware payloads, including AMOS, Stealc, and Rhadamanthys, across different sectors like gaming, cryptocurrency, and software. 

According to Recorded Future’s Insikt Group, Marko Polo’s campaigns have compromised thousands of devices globally, posing a significant threat to consumer privacy and business security, with potential financial losses in the millions. The group primarily uses spear-phishing tactics via direct messages on social media, targeting high-value individuals like cryptocurrency influencers, gamers, and software developers. 

They impersonate popular brands such as Fortnite, Zoom, and RuneScape, creating fake job offers and project collaborations to deceive victims into downloading malware. In addition to these impersonations, Marko Polo even fabricates its own brand names like VDeck, Wasper, and SpectraRoom to lure unsuspecting users. The Marko Polo operation is highly versatile, capable of infecting both Windows and macOS platforms. On Windows, they use a tool called “HijackLoader” to deliver malware like Stealc, designed to extract data from browsers, and Rhadamanthys, which targets a wide array of applications and data types. 

Rhadamanthys has also added advanced features, such as a cryptocurrency clipper to redirect payments to the attackers’ wallets, and the ability to evade Windows Defender. When it comes to macOS, the group deploys Atomic (AMOS), an infostealer launched in 2023, which they rent out to cybercriminals for $1,000 per month. AMOS is highly effective at extracting sensitive data stored on macOS systems, such as Apple Keychain passwords, MetaMask seeds, WiFi credentials, credit card details, and other encrypted information. 

The Marko Polo campaign’s widespread nature highlights the dangers of information-stealing malware, and users need to be vigilant against unsolicited links and downloads from unknown sources. One of the most effective ways to protect against such malware is to download software exclusively from official websites and ensure your antivirus software is up-to-date. This ensures the detection of malicious payloads before they can compromise your system. 

Information-stealing malware campaigns are becoming increasingly common, with Marko Polo’s operation serving as a stark reminder of the sophisticated tactics cybercriminals employ today. These stolen credentials often enable hackers to breach corporate networks, engage in data theft, and disrupt business operations. Therefore, cybersecurity awareness and strong preventive measures are crucial for protecting against such malicious activities.