| Category | Details |
|---|---|
| Threat Actors | Financially motivated cybercriminals distributing information stealers, often sold on a subscription (malware-as-a-service) basis to low-skilled operators. |
| Campaign Overview | Distribution of the Kral, AMOS, Vidar and ACR information stealers via malvertising, phishing, fake download sites and DLL hijacking of legitimate applications. |
| Targets | Personal and corporate devices worldwide; Vidar activity was notably concentrated in Brazil. |
| Methodology | Malvertising, phishing, fake software download sites, DLL hijacking, and deceptive dialog boxes that trick macOS users into typing their password. |
| Product Targeted | Cryptocurrency wallets, browser data, system credentials, and macOS user passwords. |
| Malware Reference | Kral stealer, AMOS stealer, Vidar, ACR stealer, Penguish downloader. |
| Tools Used | Kral downloader written in Delphi and Kral stealer in C++; AMOS delivered as a DMG and executed through bash processes; a legitimate application abused for DLL hijacking (Vidar); password-protected archives to evade scanning at download time. |
| Vulnerabilities Exploited | No software vulnerability is exploited; the campaigns rely on DLL hijacking of a legitimate application (Vidar), fake websites, and deceptive password dialogs (AMOS). |
| TTPs | Malvertising, phishing, credential and wallet theft from browsers and the system, DLL hijacking, exfiltration of stolen data in encrypted payloads. |
| Attribution | Not attributed to a specific group; consistent with broad, financially motivated cybercriminal activity. |
| Recommendations | Use 2FA, avoid downloading from unofficial sources, use unique passwords, double-check websites before download. |
| Source | Securelist by Kaspersky |
Read full article: https://securelist.com/kral-amos-vidar-acr-stealers/114237/
The above summary has been generated by an AI language model
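As an added worked example (not code from the Securelist article or from Kaspersky), the following Python script runs two toy detection rules over constructed endpoint telemetry for TTPs named in the table: the Vidar-style DLL hijack (a signed process loading an unsigned DLL from outside the Windows system and program directories) and the AMOS-style fake password dialog. The JSON event schema, the sample events, the field names, and the use of osascript as the dialog mechanism are all assumptions; the summary only says that AMOS runs bash processes and shows deceptive dialog boxes.

```python
"""Toy detection rules for stealer TTPs (added example, not Kaspersky code).

Input: newline-delimited JSON events with the constructed fields below.
"""
import json
from pathlib import PureWindowsPath

# Directories Windows normally loads system DLLs from (assumed allow-list).
TRUSTED_DLL_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\program files",
    r"c:\program files (x86)",
)


def is_dll_sideload(ev):
    """image_load: a signed process loads an unsigned DLL from a directory
    outside the trusted locations (classic DLL-hijacking shape)."""
    if ev.get("type") != "image_load":
        return False
    dll_dir = str(PureWindowsPath(ev["image"]).parent).lower()
    trusted = any(dll_dir == d or dll_dir.startswith(d + "\\") for d in TRUSTED_DLL_DIRS)
    return bool(ev.get("process_signed")) and not ev.get("image_signed") and not trusted


def is_fake_password_prompt(ev):
    """process_start: a shell-spawned osascript raising a dialog with a hidden
    (password) answer field.  Assumption: osascript is the usual way a script
    shows such a dialog on macOS; the summary itself names only bash and
    'deceptive dialog boxes'."""
    if ev.get("type") != "process_start":
        return False
    cmd = ev.get("cmdline", "").lower()
    return (
        ev.get("process") == "osascript"
        and ev.get("parent") in ("bash", "sh", "zsh")
        and "display dialog" in cmd
        and "hidden answer" in cmd
    )


RULES = {
    "vidar_dll_sideload": is_dll_sideload,
    "amos_fake_password_prompt": is_fake_password_prompt,
}


def scan(lines):
    """Run every rule over JSON event lines; return (rule name, event id) hits."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        for name, rule in RULES.items():
            if rule(ev):
                hits.append((name, ev["id"]))
    return hits


# Constructed sample telemetry; not real captures.
SAMPLE_LOG = r"""
{"id": 1, "type": "image_load", "host": "win-01", "process": "C:\\Users\\bob\\Downloads\\Installer\\setup.exe", "process_signed": true, "image": "C:\\Users\\bob\\Downloads\\Installer\\version.dll", "image_signed": false}
{"id": 2, "type": "image_load", "host": "win-01", "process": "C:\\Users\\bob\\Downloads\\Installer\\setup.exe", "process_signed": true, "image": "C:\\Windows\\System32\\version.dll", "image_signed": true}
{"id": 3, "type": "process_start", "host": "mac-07", "process": "osascript", "parent": "bash", "cmdline": "osascript -e 'display dialog \"macOS needs to update settings\" default answer \"\" with hidden answer'"}
{"id": 4, "type": "process_start", "host": "mac-07", "process": "osascript", "parent": "zsh", "cmdline": "osascript -e 'display notification \"Backup finished\"'"}
{"id": 5, "type": "image_load", "host": "win-02", "process": "C:\\Program Files\\Vendor\\app.exe", "process_signed": true, "image": "C:\\Program Files\\Vendor\\plugin.dll", "image_signed": false}
"""

if __name__ == "__main__":
    for rule, event_id in scan(SAMPLE_LOG.splitlines()):
        print(f"ALERT {rule}: event {event_id}")
```

Event 5 is deliberately not flagged: an unsigned DLL under Program Files is common for legitimate plug-ins, so the rule keys on location rather than signature alone. In production the allow-list and the parent-process set would come from your own baseline, and the Windows rule should additionally compare the DLL name against the loader's import table or a list of commonly hijacked names to cut false positives.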