Articles | InfoStealers
- A Multi-Actor Infrastructure Investigation (Mapping the Malware Maze) (December 21, 2024): Another finding by Fox, related to the LummaC2 infostealer, sparked an infra hunt that led to many findings. C2 Host Pivot & Windows Server Pattern: Following the finding of X user Fox_threatintel, we can see that there are 17 hosts matching the query for specific nginx versions running on port 19000. What stands out immediately are the findings […]
- Profiling CSAM Consumers Using Infostealers Data (December 21, 2024): If there is one type of content strictly banned and monitored across every platform on the internet, it is CSAM (Child Sexual Abuse Material). For this reason, those who seek to consume such content must turn to very specific channels to access it. Across mainstream platforms like social media, websites on the clear web, […]
- Server-Side Infostealers: How Initial Access Broker Pryx is Revolutionizing Infostealers (December 17, 2024): In a recent interview given to Osint10x, “Pryx”, the admin of the Hellcat Ransomware Group, shared insights into their methods, their vision for the future of infostealers, and how server-side innovations are reshaping the game. Breaking Down the Traditional Infostealer Model: Traditionally, infostealers rely on client-side operations, with malicious payloads deployed directly on victim machines. […]
- “DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising (December 16, 2024): Guardio Labs tracked and analyzed a large-scale fake captcha campaign distributing the disastrous Lumma info-stealer malware, which circumvents general security measures like Safe Browsing. Entirely reliant on a single ad network for propagation, this campaign showcases the core mechanisms of malvertising — delivering over 1 million daily “ad impressions” and causing thousands of daily victims to lose their […]
- Tracking the FBI’s Most Wanted: “RedLine” Info-Stealer Creator Maxim Rudometov (December 14, 2024): A coalition of international law enforcement agencies has been investigating the creator and distributor of the notorious infostealer variant RedLine in an operation codenamed “Operation Magnus.” RedLine, a MaaS (Malware-as-a-Service), has stolen sensitive data from millions of users worldwide, including credit card information, browser history, autofill form data, emails, and passwords. Active since 2020, RedLine […]
- Malicious PyPI crypto pay package aiocpa implants infostealer code (December 13, 2024): Executive Summary: ReversingLabs’ machine learning-based threat hunting system detected malicious code in a legitimate-looking package, aiocpa, last week that was engineered to compromise cryptocurrency wallets. RL then reported the malicious package to the Python Package Index (PyPI) to be taken down, and the PyPI team then published their own blog about the package. Shortly after, researchers at […]
- Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows (December 13, 2024): Cado Security Labs have identified a new sophisticated scam targeting people who work in Web3. The campaign includes the crypto stealer Realst, which has both macOS and Windows variants, and has been active for around four months. The threat actors behind the malware have set up fake companies, using AI to make them appear more legitimate. The […]
- Hudson Rock Launches CavalierGPT: The First Comprehensive Infostealer Intelligence AI Bot (Free) (December 10, 2024): December 10, 2024 – Hudson Rock, a leader in cybercrime intelligence, is proud to announce the official launch of CavalierGPT, the industry’s first AI-powered bot dedicated to providing comprehensive intelligence on infostealer malware. CavalierGPT leverages Hudson Rock’s vast database of stolen data and insights into infostealer operations to deliver instant, actionable intelligence for cybersecurity teams […]
- Hudson Rock Announces First Comprehensive Infostealers AI Bot: CavalierGPT (November 27, 2024): Hudson Rock is thrilled to announce the launch of CavalierGPT, the first-ever Infostealer Intelligence AI Bot designed to empower researchers with free access to data associated with Infostealer infections. CavalierGPT retrieves and curates information from various Hudson Rock endpoints, enabling investigators to delve deeper into cybersecurity threats with unprecedented ease and efficiency. We are excited […]
Reports | InfoStealers
- Infostealers Weekly Report: 2024-12-09 – 2024-12-16 (December 16, 2024): InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top […]
- Infostealers Weekly Report: 2024-12-02 – 2024-12-09 (December 9, 2024): InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top […]
- Infostealers Weekly Report: 2024-11-25 – 2024-12-02 (December 2, 2024): InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top […]
- Infostealers Weekly Report: 2024-11-18 – 2024-11-25 (November 25, 2024): InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top […]
- Infostealers Weekly Report: 2024-11-11 – 2024-11-18 (November 18, 2024): InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top […]
- Infostealers Weekly Report: 2024-11-04 – 2024-11-11 (November 11, 2024): InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top […]
- Infostealers Weekly Report: 2024-10-28 – 2024-11-04 (November 4, 2024): InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top […]
Techniques | InfoStealers
- Formbook/xLoader: Formbook is an information-stealing malware, discovered in 2016, that is capable of stealing data entered into HTML website forms and logging keystrokes...
- LummaC2 Stealer: Heatmap of instances of ATT&CK techniques for LummaC2 Stealer based on recent public CTI reporting (sources in Notes for each technique)...
- Luca Stealer: Heatmap of instances of ATT&CK techniques for Luca Stealer based on recent public CTI reporting (sources in Notes for each technique)...
- Python Dependency Stealer January 2023: Heatmap of instances of ATT&CK techniques for an information stealer discovered in January 2023 that achieves initial access via a malicious software dependency (a Python package)...
- Aurora Stealer: Aurora is an information stealer advertised on underground forums beginning in September 2022 (it was previously advertised in a different form, as a botnet with different functionality...
- DuckTail Stealer: Heatmap of instances of ATT&CK techniques for DuckTail Stealer based on recent public CTI reporting (sources in Notes for each technique)...
- RisePro Stealer: Heatmap of (sub)techniques mentioned in Sekoia.io's report "New RisePro Stealer distributed by the prominent PrivateLoader"...
- Prynt Infostealer: Heatmap of instances of ATT&CK techniques referenced in recent, public CTI reporting around Prynt Infostealer (source links included in Notes per technique below)...
- Rhadamanthys Stealer: Heatmap of instances of ATT&CK techniques for Rhadamanthys Stealer based on recent public CTI reporting (sources in Notes for each technique)...
- Erbium Stealer: Heatmap of instances of ATT&CK techniques for Erbium Stealer based on recent public CTI reporting (sources in Notes for each technique)...