
Cybercriminals Use Google Ads to Deploy Malware


Threat actors are abusing the Google Ads service more consistently than ever before to distribute malware. Victims who click the download link on the attackers' clones of official software websites receive a trojanized copy of the software.

Grammarly, MSI Afterburner, Slack, Dashlane, Malwarebytes, Audacity, Torrent, OBS, Ring, AnyDesk, Libre Office, Teamviewer, Thunderbird, and Brave are some of the products and companies impersonated in these operations.

Three families delivered to victims' systems this way are Raccoon Stealer, a modified variant of Vidar Stealer, and the IcedID loader. Anyone searching for legitimate software without an active ad blocker sees the sponsored results first and is more inclined to click on them, because they closely resemble the organic search result.

To get past Google's automated checks, threat actors insert an extra step in that phase. If Google determines that the landing site is malicious, the campaign is blocked and the advertisements are withdrawn. The trick, according to Guardio and Trend Micro, is to first send users who click on the advertisement to a relevant but innocuous site built by the threat actor, which then forwards them to the malicious site imitating the software project.

Vermux, a threat group operating mainly out of Russia, was discovered employing a significant number of MasquerAds websites and domains to target the GPUs and cryptocurrency wallets of American users.

According to Microsoft's researchers, in October they came across a malvertising operation in which the actor tracked as DEV-0569 used Google Ads to send users to a malicious file download page. Microsoft said it informed Google about the abuse of the traffic distribution network.

As per Microsoft, these techniques let the group reach more people and increase the number of victims. From August through October, Microsoft observed the threat actor distributing the BATLOADER malware through phishing emails carrying what appeared to be genuine installers for various programs, including TeamViewer, Adobe Flash Player, Zoom, and AnyDesk.

To blunt these campaigns, use an ad blocker in your browser so that sponsored Google Search results are not shown at all. Without one, scroll past the sponsored results until you reach the software project's official domain. Finally, an installer with an unusually large file size is a red flag.
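The checks above (is the download really on the vendor's domain, and is the installer the size the vendor published?) can be scripted. The following is an added example, not code from the article or from any of the vendors named in it; the domain allowlist, the oversize threshold and the reference size/hash values are constructed placeholders that a real deployment would take from the vendor's verified download page or an internal software catalogue.

```python
"""Vet a software download before it is run: official domain, published size, SHA-256.

Added example, not the article's code. OFFICIAL_DOMAINS, OVERSIZE_BYTES and the
sample installer bytes are constructed for illustration.
"""
import hashlib
import os
from urllib.parse import urlparse

# Constructed allowlist: product -> domains the vendor actually uses (example values).
OFFICIAL_DOMAINS = {
    "anydesk": {"anydesk.com"},
    "obs": {"obsproject.com"},
    "notepad++": {"notepad-plus-plus.org"},
}

# Constructed threshold: a plain installer larger than this is suspicious on its own.
OVERSIZE_BYTES = 500 * 1024 * 1024


def host_is_official(product: str, url: str) -> bool:
    """True only if the URL's host is the vendor's domain or a subdomain of it.

    A look-alike such as anydesk.com.example-evil.net has the wrong trailing labels
    and is rejected; a naive substring check ("anydesk.com" in host) would accept it.
    """
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    for domain in OFFICIAL_DOMAINS.get(product.lower(), set()):
        if host == domain or host.endswith("." + domain):
            return True
    return False


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _findings(actual_size, actual_sha256, expected_size, expected_sha256, tolerance):
    """Shared logic: returns a list of human-readable findings (empty = all checks passed)."""
    findings = []
    if actual_size > OVERSIZE_BYTES:
        findings.append(f"oversized installer: {actual_size} bytes")
    # Published sizes are often rounded, so allow a small tolerance before flagging.
    if expected_size is not None and actual_size > expected_size * (1 + tolerance):
        findings.append(f"size {actual_size} exceeds published size {expected_size}")
    if expected_sha256 is not None and actual_sha256() != expected_sha256.lower():
        findings.append(f"sha256 mismatch: got {actual_sha256()}, expected {expected_sha256.lower()}")
    return findings


def vet_installer_bytes(data, expected_size=None, expected_sha256=None, size_tolerance=0.05):
    """Vet an installer already held in memory."""
    return _findings(len(data), lambda: sha256_of_bytes(data),
                     expected_size, expected_sha256, size_tolerance)


def vet_installer(path, expected_size=None, expected_sha256=None, size_tolerance=0.05):
    """Vet an installer on disk; hashes lazily so a size failure costs no full read."""
    return _findings(os.path.getsize(path), lambda: sha256_of_file(path),
                     expected_size, expected_sha256, size_tolerance)


if __name__ == "__main__":
    # Constructed sample: a tiny fake PE-like blob standing in for a real installer.
    sample = b"MZ" + b"\x00" * 1000
    reference_hash = sha256_of_bytes(sample)
    print("official:", host_is_official("anydesk", "https://download.anydesk.com/AnyDesk.exe"))
    print("look-alike:", host_is_official("anydesk", "https://anydesk.com.example-evil.net/AnyDesk.exe"))
    print("clean:", vet_installer_bytes(sample, len(sample), reference_hash))
    print("padded:", vet_installer_bytes(sample + b"\x00" * 2000, len(sample), reference_hash))
```

The hash check is the one that actually settles the question; the size and domain checks are cheap filters that catch the two tells the article describes before any bytes are hashed or executed.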

Raccoon Stealer is Back with a New Version


Bitdefender researchers recently observed that the RIG exploit kit had replaced Raccoon Stealer with the Dridex trojan as part of a campaign that began in January. The change in strategy came after Raccoon Stealer briefly closed its doors in February.

However, according to a recent assessment, Raccoon Stealer is showing signs of life and is poised to make a significant comeback in the information-stealer market. Its operations were abruptly halted on March 25, 2022, after it had been sold on underground forums under the Malware-as-a-Service (MaaS) model since early 2019.

Operations were stopped because a developer was lost in the Russia-Ukraine conflict. At the time, the malware's profile on various forums stated that it was temporarily unavailable and in the process of being upgraded.

What is the most recent update? 

SEKOIA.IO investigators identified fresh activity on servers hosting the malware on June 10. While searching the Shodan search engine for the stealer's management panels, they discovered multiple operational servers serving a web page titled Raccoon Stealer 2.0.

The latest version is thought to have been on sale via Telegram since May 17. On further investigation, researchers found a new malware family known as RecordBreaker, which resembled Raccoon Stealer v2.

The malware was already spreading in the wild. Raccoon Stealer v2 is written in C/C++ using the Windows API. It downloads genuine third-party DLLs from its C2 servers, and the new version inherits many of the prior version's capabilities.

These include, among other things, gathering browser and system information, taking screenshots, collecting files from drives and memory sticks, and harvesting bitcoin wallet data.

The reappearance of well-known malware, such as Raccoon Stealer, is not a novel event in the threat environment. 

Despite setbacks, numerous malware families, including Conti and REvil, have previously made strong returns and continue to cause havoc throughout the world. Companies must therefore be aware of the tactics and techniques employed by information-stealer operators in order to prevent attacks.