Articles | InfoStealers

• Data Exploration – Shedding Light on Sanctioned Entities (Hudson Rock) September 2, 2024
  Hudson Rock’s data exploration capabilities allow for seamless analysis of massive amounts of assets associated with Infostealer infections. In this example, we analyze all domains associated with companies sanctioned by OFAC and even discover companies that should be sanctioned but aren’t. Full blog – https://www.infostealers.com/article/infostealer-malware-infections-shed-light-on-sanctioned-entities-reveals-new-targets-for-global-crackdown/ Hudson Rock’s database, containing tens of millions of infected computers […]
• Anatomy of a Lumma Stealer Attack via Fake CAPTCHA Pages August 31, 2024
  As of late August 2024, attackers have been using fraudulent “human verification” pages to trick users into executing a malicious PowerShell script. This blog post will explore the full attack vector, detailing how the malware is delivered, executed, and the indicators of compromise (IOCs) involved. Lumma Stealer is designed to exfiltrate sensitive information such as […]
• The Dark Truth About Infostealers: Why You Should Not Always Trust Antivirus with Leonid Rozenberg August 30, 2024
  Check out our latest interview featuring Leonid Rozenberg, where he speaks with Boris Agranovich on the Risk Management Show about the growing threat of Infostealers. Tune in on YouTube or Spotify to discover why businesses of all sizes across every industry should be concerned, explore common malware delivery methods, and debunk the TOP 5 misconceptions […]
• How to Check if Your Email Has Been Compromised by an Infostealer August 30, 2024
  Our email accounts are essential repositories of financial and personal data in the digital age. Regretfully, this renders them extremely attractive targets for hackers employing malicious software referred to as infostealers. These sneaky applications are made to stealthily collect private data from compromised devices, including financial information, login credentials, and even keystrokes. What is an […]
• Infostealer Malware Infections Shed Light on Sanctioned Entities & Revealing New Targets for Global Crackdown August 28, 2024
  Hudson Rock’s continued research explores how Infostealer infections can provide insights into sanctioned entities and identify new opportunities for sanctions. TL;DR (read the research — don’t be lazy)— Sanctioned companies have infected employees that can provide unrivaled insights to law enforcement, and Hudson Rock researchers were able to discover a company that should be sanctioned based on […]
• Beyond the wail: deconstructing the BANSHEE infostealer August 21, 2024
  Preamble In August 2024, a novel macOS malware named “BANSHEE Stealer” emerged, catching the attention of the cybersecurity community. Reportedly developed by Russian threat actors, BANSHEE Stealer was introduced on an underground forum and is designed to function across both macOS x86_64 and ARM64 architectures. This malware presents a severe risk to macOS users, targeting […]
• Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove August 21, 2024
  Key takeaways Introduction In the shadowy world of cybercrime, even the most cunning hackers can make blunders that expose their operations.  In this article CPR describes the discovery of Styx Stealer, a new malware variant derived from the notorious Phemedrone Stealer. Our investigation revealed critical missteps by the developer of Styx Stealer, including a significant […]
• Stealthy phishing attack uses advanced infostealer for data exfiltration August 21, 2024
  Phishing attacks featuring an advanced, stealthy technique designed to exfiltrate a wide range of sensitive information have been observed by Barracuda threat analysts. The technique involves a sophisticated infostealer malware able to collect PDF files and directories from most folders, as well as browser information such as session cookies, saved credit card details, bitcoin-related extensions, web history, and […]
• Tusk: unraveling a complex infostealer campaign August 21, 2024
  Kaspersky Global Emergency Response Team (GERT) has identified a complex campaign, consisting of multiple sub-campaigns orchestrated by Russian-speaking cybercriminals. The sub-campaigns imitate legitimate projects, slightly modifying names and branding and using multiple social media accounts to increase their credibility. In our analysis we observed that all the active sub-campaigns host the initial downloader on Dropbox. This […]