April 3, 2023 | Ravie Lakshmanan

A new piece of information-stealing malware called OpcJacker has been spotted in the wild since late 2022 as part of a malvertising campaign.

“OpcJacker’s main functions include keylogging, taking screenshots, exfiltrating sensitive data from browsers, loading additional modules, and replacing cryptocurrency addresses in the clipboard for hijacking purposes,” Trend Micro researchers Jaromir Horejsi and Joseph C. Chen said.
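The clipboard address replacement mentioned above is the one capability on this list that a defender can catch behaviourally on the endpoint: a legitimate copy is followed, fractions of a second later, by a second clipboard write from a different process that swaps one wallet address for another of the same coin. The following Python sketch is an added example (not Trend Micro's code and not from the original article) of that detection logic run over a constructed clipboard event log. The process names, address strings and the hypothetical `updater.exe` stealer are all made up for the sample, and the regexes are loose shape checks rather than checksum validation.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Simplified address shapes for illustration (assumption: loose patterns,
# not full checksum validation of the address formats).
ADDRESS_PATTERNS = {
    "BTC": re.compile(r"^(bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


@dataclass
class ClipboardEvent:
    ts: float     # seconds since monitoring started
    owner: str    # process that set the clipboard, as reported by the OS hook
    text: str     # clipboard text after the write


def classify_address(text: str) -> Optional[str]:
    """Return the coin whose address shape `text` matches, else None."""
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return coin
    return None


def detect_swaps(events: List[ClipboardEvent], window: float = 2.0) -> List[dict]:
    """Flag a clipboard write that replaces an address with a *different*
    address of the *same* coin within `window` seconds of the previous write.

    A user copying a second address seconds later (outside the window) is not
    flagged, and neither is a write that replaces the address with plain text."""
    alerts = []
    for prev, cur in zip(events, events[1:]):
        before, after = classify_address(prev.text), classify_address(cur.text)
        if before is None or before != after:
            continue
        if prev.text == cur.text or cur.ts - prev.ts > window:
            continue
        alerts.append({
            "coin": before,
            "original": prev.text,
            "replacement": cur.text,
            "writer": cur.owner,
            "delay": round(cur.ts - prev.ts, 3),
        })
    return alerts


# Constructed sample: the user copies a BTC address from the browser; 0.3 s
# later a hypothetical stealer process rewrites the clipboard with its own.
USER_BTC = "1ConstructedUserAddr2222222222222"
SWAPPED_BTC = "1AttackerSwappedAddr333333333333"
USER_ETH = "0x" + "a" * 40

SAMPLE_EVENTS = [
    ClipboardEvent(0.0, "firefox.exe", USER_BTC),
    ClipboardEvent(0.3, "updater.exe", SWAPPED_BTC),       # same coin, new address, fast: alert
    ClipboardEvent(12.0, "firefox.exe", "meeting notes"),  # not an address: ignored
    ClipboardEvent(20.0, "firefox.exe", USER_ETH),
    ClipboardEvent(35.0, "firefox.exe", "0x" + "b" * 40),  # user's own later copy: outside window
]

if __name__ == "__main__":
    for alert in detect_swaps(SAMPLE_EVENTS):
        print(alert)
```

On the sample the detector raises exactly one alert, for the BTC swap written by `updater.exe` 0.3 s after the user's copy. Real deployments would feed it from a clipboard-owner hook and tune `window` against how quickly the clipper in question polls.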

The initial vector of the campaign involves a network of fake websites promoting seemingly harmless software and cryptocurrency-related applications. A February 2023 campaign singled out users in Iran under the pretext of offering a VPN service.

The installer files served from these sites deliver NetSupport RAT and a hidden virtual network computing (hVNC) variant for remote access.

OpcJacker is concealed using a crypter known as Babadeda and relies on a configuration file to activate its data-harvesting capabilities. It can also run arbitrary shellcode and executables.

“The configuration file format resembles bytecode written in a custom machine language, where each instruction is parsed to get individual opcodes and specific handlers are executed,” Trend Micro said.
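A config-as-bytecode design of the kind described in that quote is usually handled by a parser that walks the blob instruction by instruction and dispatches each opcode to a handler. As an added illustration (not Trend Micro's analysis and not OpcJacker's real format, which the article does not describe), the Python below implements that pattern for a hypothetical layout of one opcode byte, a two-byte little-endian operand length, and the operand. The opcode numbers, handler set and sample blob are all made up for the example; the point is the dispatch loop and the bounds checks an extractor needs when a dumped config is truncated or contains opcodes it does not know.

```python
import struct
from typing import Callable, Dict, List, Tuple

# Hypothetical instruction layout, used for this illustration only:
#   opcode (1 byte) | operand length (2 bytes, little-endian) | operand
# The page does not describe OpcJacker's real encoding; these opcodes are invented.
OP_SET_C2 = 0x01
OP_ENABLE_MODULE = 0x02
OP_SET_INTERVAL = 0x03
OP_END = 0xFF
HEADER_LEN = 3


def parse_instructions(blob: bytes) -> List[Tuple[int, bytes]]:
    """Split a config blob into (opcode, operand) pairs, stopping at OP_END.

    A truncated header or operand raises ValueError instead of silently
    reading past the end of the buffer, which is the failure mode a config
    extractor most often hits on damaged or partially dumped samples."""
    instructions, pos = [], 0
    while pos < len(blob):
        opcode = blob[pos]
        if opcode == OP_END:
            break
        if pos + HEADER_LEN > len(blob):
            raise ValueError(f"truncated header at offset {pos}")
        (length,) = struct.unpack_from("<H", blob, pos + 1)
        operand = blob[pos + HEADER_LEN:pos + HEADER_LEN + length]
        if len(operand) != length:
            raise ValueError(f"truncated operand at offset {pos}")
        instructions.append((opcode, operand))
        pos += HEADER_LEN + length
    return instructions


def interpret(blob: bytes) -> dict:
    """Dispatch each opcode to its handler and return the effective config.
    Unknown opcodes are recorded rather than executed or treated as fatal."""
    config = {"c2": [], "modules": set(), "interval": None, "unknown": []}

    def set_c2(operand: bytes) -> None:
        config["c2"].append(operand.decode("ascii"))

    def enable_module(operand: bytes) -> None:
        config["modules"].add(operand.decode("ascii"))

    def set_interval(operand: bytes) -> None:
        (config["interval"],) = struct.unpack("<I", operand)

    handlers: Dict[int, Callable[[bytes], None]] = {
        OP_SET_C2: set_c2,
        OP_ENABLE_MODULE: enable_module,
        OP_SET_INTERVAL: set_interval,
    }
    for opcode, operand in parse_instructions(blob):
        handler = handlers.get(opcode)
        if handler is None:
            config["unknown"].append(opcode)
        else:
            handler(operand)
    return config


def encode(opcode: int, operand: bytes) -> bytes:
    """Build one instruction in the hypothetical layout (used to construct the sample)."""
    return bytes([opcode]) + struct.pack("<H", len(operand)) + operand


# Constructed sample blob: one C2, two modules, a 300 s interval, one unknown opcode.
SAMPLE_CONFIG = (
    encode(OP_SET_C2, b"c2.example.invalid:8443")
    + encode(OP_ENABLE_MODULE, b"keylog")
    + encode(OP_ENABLE_MODULE, b"clipper")
    + encode(OP_SET_INTERVAL, struct.pack("<I", 300))
    + encode(0x7E, b"\x00")
    + bytes([OP_END])
)

if __name__ == "__main__":
    print(interpret(SAMPLE_CONFIG))
```

Keeping the handler table separate from the walker is what makes this shape useful when a new sample shows up with an extra opcode: the parser still walks the blob, the unknown opcode is logged, and only the table needs extending.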

Given the malware’s ability to steal cryptocurrencies from wallets, the campaign is suspected to be financially motivated. That said, OpcJacker’s versatility also makes it an ideal malware loader.


The findings come as Securonix revealed details of an ongoing attack campaign it tracks as TACTICAL#OCTOPUS, which targets U.S. companies with tax-themed lures and infects them with backdoors used to access victims’ systems and retrieve clipboard data and keystrokes.

In a related development, Italian and French users searching YouTube for cracked versions of PC maintenance software such as EaseUS Partition Master and Driver Easy Pro are being redirected to a Blogger page that distributes the NullMixer dropper.

NullMixer stands out for dropping several commodity malware families at once, including PseudoManuscrypt, Raccoon Stealer, GCleaner, Fabookie, and a new malware loader dubbed Crashtech Loader, resulting in large-scale infections.


Copyright ©️ All rights reserved. | Blue Training Academy Blog