Infostealer Malware Infections Shed Light on Sanctioned Entities & Reveal New Targets for Global Crackdown
Hudson Rock’s continued research explores how Infostealer infections can provide insights into sanctioned entities and identify new opportunities for sanctions. TL;DR (read the research — don’t be lazy)— Sanctioned companies have infected employees that can provide unrivaled insights to law enforcement, and Hudson Rock researchers were able to discover a company that should be sanctioned based on […]
Beyond the wail: deconstructing the BANSHEE infostealer
Preamble In August 2024, a novel macOS malware named “BANSHEE Stealer” emerged, catching the attention of the cybersecurity community. Reportedly developed by Russian threat actors, BANSHEE Stealer was introduced on an underground forum and is designed to function across both macOS x86_64 and ARM64 architectures. This malware presents a severe risk to macOS users, targeting […]
Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove
Key takeaways Introduction In the shadowy world of cybercrime, even the most cunning hackers can make blunders that expose their operations. In this article CPR describes the discovery of Styx Stealer, a new malware variant derived from the notorious Phemedrone Stealer. Our investigation revealed critical missteps by the developer of Styx Stealer, including a significant […]
Stealthy phishing attack uses advanced infostealer for data exfiltration
Phishing attacks featuring an advanced, stealthy technique designed to exfiltrate a wide range of sensitive information have been observed by Barracuda threat analysts. The technique involves a sophisticated infostealer malware able to collect PDF files and directories from most folders, as well as browser information such as session cookies, saved credit card details, bitcoin-related extensions, web history, and […]
Tusk: unraveling a complex infostealer campaign
Kaspersky Global Emergency Response Team (GERT) has identified a complex campaign, consisting of multiple sub-campaigns orchestrated by Russian-speaking cybercriminals. The sub-campaigns imitate legitimate projects, slightly modifying names and branding and using multiple social media accounts to increase their credibility. In our analysis we observed that all the active sub-campaigns host the initial downloader on Dropbox. This […]
Infostealer Investigation Module – Analyzing Stolen Files (Hudson Rock)
Hudson Rock’s Infostealer Investigation Module provides cybersecurity professionals the ability to investigate all the data captured from an Infostealer infection of employees and customers at their organizations. Hudson Rock’s database, with tens of millions of computers infected worldwide, helps cybersecurity and law enforcement customers with their investigations. To learn more, visit www.hudsonrock.com/cavalier
Approaching Stealers Devs: A Brief Interview With AMOS (Atomic macOS Stealer)
To completely understand what’s going on in a market that has been growing in the last few years, I found it mandatory to know which players are dominating it. Always remember that behind every user of the Internet there is another human like you, so if you can be kind enough to reach them and they agree, […]
Meet the Top 5 Threat Actors Exploiting Infostealers Data to Breach Companies
As Infostealers become increasingly favored by cybercriminals and hacking groups as a primary method for breaching companies, it’s crucial to stay informed about the key players leveraging these tools. In this article, we spotlight the top five hackers who are using Infostealers to infiltrate companies, providing insights into their tactics and the evolving landscape of […]
Infostealers AI Investigation Module – Threat Actor Deanonymization Use Case
Hudson Rock’s AI module adds an additional layer of research, which helps deanonymize suspicious users and aids in investigations. Hudson Rock’s database, with tens of millions of computers infected worldwide, helps cybersecurity and law enforcement customers with their investigations. To learn more, visit www.hudsonrock.com/cavalier
Improving the security of Chrome cookies on Windows
Cybercriminals using cookie theft infostealer malware continue to pose a risk to the safety and security of our users. We already have a number of initiatives in this area including Chrome’s download protection using Safe Browsing, Device Bound Session Credentials, and Google’s account-based threat detection to flag the use of stolen cookies. Today, we’re announcing another layer of protection to […]
Daolpu Infostealer: Full analysis of the latest malware exploited post CrowdStrike outage
While we all stand in unity with the cyber and IT teams who have been working tirelessly to restore systems following last week’s CrowdStrike patch failure, cybercriminals continue to exploit the situation by launching phishing campaigns. Discovered on July 24th, 2024, the latest malware on the list is Daolpu. A Word document containing macros that download […]
Lumma Stealer Packed with CypherIt Distributed Using Falcon Sensor Update Phishing Lure
Summary On July 23, 2024, CrowdStrike Intelligence identified the phishing domain crowdstrike-office365[.]com, which impersonates CrowdStrike and delivers malicious ZIP and RAR files containing a Microsoft Installer (MSI) loader. The loader ultimately executes Lumma Stealer packed with CypherIt. The domain was registered on July 23, 2024, days after July 19, 2024, when an issue present in a single content update […]