June 13, 2023 | Ravi Lakshmanan | Crimeware / Cryptocurrency

A new multi-stage loader called DoubleFinger has been observed in a sophisticated attack targeting users in Europe, the United States, and Latin America, delivering a cryptocurrency stealer dubbed GreetingGhoul.

“When a victim opens a malicious PIF attachment within an email message, DoubleFinger is deployed on the target machine, ultimately executing DoubleFinger’s first loader stage,” Kaspersky researcher Sergey Lozhkin said in a report published Monday.

The starting point of the attack is Espex.exe, which refers to the Microsoft Windows Economic Service Provider application. It is designed to run shellcode that retrieves a PNG image file from the image hosting service Imgur.

The image uses steganography to hide an encrypted payload, which triggers a four-stage compromise chain that ultimately runs the GreetingGhoul stealer on the infected host.


What is notable about GreetingGhoul is its use of Microsoft Edge WebView2 to create fake overlays on top of legitimate cryptocurrency wallet applications and siphon the credentials entered by unsuspecting users.

In addition to dropping GreetingGhoul, DoubleFinger has also been found distributing Remcos RAT, a commercial trojan widely used by threat actors in recent months to attack organizations in Europe and Ukraine.

The analysis “revealed advanced techniques and skills in crimeware development similar to advanced persistent threats (APTs),” Lozhkin noted.

“A multi-stage shellcode-style loader with steganography, use of Windows COM interfaces for stealth execution, and process doppelgänging for injection into a remote process all point to complex, well-crafted crimeware.”
