Cisco Talos researchers have identified malvertising campaigns using fake installers of popular games and applications, such as WeChat, Viber, Battlefield, and NoxPlayer, to lure users into downloading an undocumented, malicious Google Chrome extension and a backdoor.

Researchers believe that the campaign has been active since 2018, and since then, the malware has been under development constantly.

A security researcher alerted Google of the malvertising campaign in Aug 2021. The objective is to steal data and credentials from the compromised system and maintain remote access. Cisco Talos researchers named this campaign Magnat because the malware payloads are tied to an unidentified actor using the alias Magnat.

According to researchers, victims are lured through malvertising, which involves malicious online ads, to download fake installers onto their systems. The attacks distribute two forms of undocumented custom-made malware. These installers do not install the advertised software but three forms of malware, including a password stealer, a malicious browser extension, and a backdoor. These enable keylogging and capture screenshots of whatever is displayed on the user's screen. The first activity observed by the researchers was at the end of 2019, and they kept noticing it during early 2020, while fresh instances were observed from April 2021.

Redline Password Stealer and MagnatExtension

In the Magnat campaign, the actors use a password stealer called Redline. This is a common malware known for stealing all the usernames and passwords stored on the infected device. Researchers noted that Magnat previously used the Azorult password stealer and then switched to Redline after Azorult stopped functioning correctly following Chrome 80's release in Feb 2020.

As for the Magnat attack, apart from Redline Stealer, the threat actors also distribute a malicious Chrome extension called MagnatExtension, programmed to capture screenshots and record keystrokes.

It is worth noting that in October 2021, and as recently as November 29th, both Redline and Azorult malware were seen in campaigns targeting YouTubers with cookie stealer attacks and abusing legitimate remote access tools to steal cryptocurrency.