Category | Details |
---|---|
Threat Actors | Cybercriminals distributing information stealers, often sold as subscription (malware-as-a-service) offerings to low-skill operators. |
Campaign Overview | Distribution of information stealers like Kral, AMOS, and Vidar via malvertising, phishing, and DLL hijacking. |
Target Regions (Or Victims) | Personal and corporate devices worldwide, with notable targets in Brazil for Vidar. |
Methodology | Malvertising, phishing, fake download sites, DLL hijacking, and deceptive dialog boxes that prompt the user for a password. |
Product Targeted | Cryptocurrency wallets, browser data, system credentials, and macOS user passwords. |
Malware Reference | Kral stealer, AMOS stealer, Vidar, ACR stealer, Penguish downloader. |
Tools Used | Kral: C++ and Delphi (downloader); AMOS: DMG disk images and bash processes; Vidar: DLL hijacking; password-protected archives used for delivery. |
Vulnerabilities Exploited | No software vulnerability is cited; the campaigns rely on DLL hijacking (Vidar), fake websites, and deceptive password dialog boxes (AMOS). |
TTPs | Malvertising, phishing, password-stealing, DLL hijacking, exfiltration via encrypted payloads. |
Attribution | Unattributed, but linked to widespread cybercriminal activities. |
Recommendations | Enable two-factor authentication (2FA), avoid downloading software from unofficial sources, use a unique password per account, and verify a website before downloading from it. |
Source | Securelist by Kaspersky |
Read full article: https://securelist.com/kral-amos-vidar-acr-stealers/114237/
The above summary has been generated by an AI language model