January 16, 2023 | Ravie Lakshmanan | Data Security / Cyber Threat

Since early 2020, a “massive and resilient infrastructure” consisting of over 250 domains has been used to distribute information-stealing malware such as Raccoon and Vidar.

The infection chain "uses around 100 fake cracked software catalog websites that redirect to several links before downloading the payload hosted on file-sharing platforms such as GitHub," cybersecurity firm SEKOIA said in an analysis published earlier this month.

The French cybersecurity firm assessed the domains as being operated by a threat actor running a Traffic Direction System (TDS).

Targeting users searching for cracked versions of software and games on search engines such as Google, the attack uses a technique known as search engine optimization (SEO) poisoning to push the fraudulent websites to the top of the results and lure victims into downloading and executing malicious payloads.

The tainted results come with a download link to the promised software, which, when clicked, triggers a five-step URL redirect sequence that takes the user to a webpage displaying a shortened link to a RAR archive hosted on GitHub, along with its password.

"The use of multiple redirects complicates automated analysis by security solutions," the researchers said. "This carving up of the infrastructure is almost certainly designed to ensure resilience, making it easier and faster to update or change steps."

fake cracked software

Once the victim unzips the RAR archive and runs the setup executable file it allegedly contains, one of two malware families, Raccoon or Vidar, will be installed on the system.
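As an added, defender-side illustration (not part of the original article or SEKOIA's analysis), the multi-hop redirect into a GitHub-hosted archive described above is a pattern that can be reconstructed from proxy logs. The log records, hostnames and GitHub account below are constructed placeholders, and the chain is simplified to consecutive 3xx hops that end at the archive download.

```python
from urllib.parse import urlparse

# Constructed proxy records: (client_ip, requested_url, status, Location header).
# All hostnames are placeholders; the GitHub account is a labelled placeholder.
SAMPLE_LOG = [
    ("10.0.0.5", "http://cracks-catalog.example/app-crack.html", 200, ""),
    ("10.0.0.5", "http://cracks-catalog.example/dl?id=41", 302, "http://hop1.example/go"),
    ("10.0.0.5", "http://hop1.example/go", 302, "http://hop2.example/r/9"),
    ("10.0.0.5", "http://hop2.example/r/9", 302, "http://hop3.example/x"),
    ("10.0.0.5", "http://hop3.example/x", 302, "http://hop4.example/final"),
    ("10.0.0.5", "http://hop4.example/final", 302,
     "https://github.com/PLACEHOLDER-ACCOUNT/repo/releases/download/v1/setup.rar"),
    ("10.0.0.5", "https://github.com/PLACEHOLDER-ACCOUNT/repo/releases/download/v1/setup.rar", 200, ""),
    ("10.0.0.7", "https://intranet.example/login", 302, "https://intranet.example/home"),  # benign
    ("10.0.0.7", "https://intranet.example/home", 200, ""),
]
FILE_SHARING_HOSTS = {"github.com", "raw.githubusercontent.com", "objects.githubusercontent.com"}
ARCHIVE_SUFFIXES = (".rar", ".zip", ".7z")

def build_chains(records):
    """Follow each 3xx Location header to the same client's request for that URL.
    Returns (client_ip, [start_url, hop1, ...]) for every chain with >= 1 redirect."""
    by_key = {(ip, url): (status, loc) for ip, url, status, loc in records}
    # A URL that is itself a redirect target is never the start of a chain.
    targets = {(ip, loc) for ip, _, status, loc in records if 300 <= status < 400 and loc}
    chains = []
    for ip, url, _, _ in records:
        if (ip, url) in targets:
            continue
        chain, cur = [url], (ip, url)
        while cur in by_key:
            status, loc = by_key[cur]
            if not (300 <= status < 400 and loc) or loc in chain:  # final page, or a loop
                break
            chain.append(loc)
            cur = (ip, loc)
        if len(chain) > 1:
            chains.append((ip, chain))
    return chains

def flag_suspicious(chains, min_hops=3):
    """Flag chains of >= min_hops redirects that end at an archive on a file-sharing host."""
    hits = []
    for ip, chain in chains:
        final, hops = urlparse(chain[-1]), len(chain) - 1
        if (hops >= min_hops and final.hostname in FILE_SHARING_HOSTS
                and final.path.lower().endswith(ARCHIVE_SUFFIXES)):
            hits.append((ip, hops, chain[-1]))
    return hits
```

A chain whose last Location header was never followed is still reported, since the redirect target alone is the indicator of interest.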

The development comes as Cyble detailed a rogue Google Ads campaign that uses popular software such as AnyDesk, Bluestacks, Notepad++, and Zoom as lures to deliver a feature-rich stealer known as Rhadamanthys Stealer.

Another variant of the attack chain has been observed utilizing phishing emails disguised as bank statements to trick unwitting users into clicking on malicious links.

Fake websites masquerading as popular remote desktop solutions have also been used in the past to spread a Python-based information stealer known as Mitsu Stealer.

Both malware families are capable of siphoning personal information from compromised machines, harvesting credentials from web browsers, and stealing data from various cryptocurrency wallets.

Users are advised to refrain from downloading pirated software and enforce multi-factor authentication wherever possible to harden their accounts.

"It is important that users exercise caution when receiving spam emails or visiting phishing websites and verify the source before downloading any application," the researchers said.
