Suspected CoralRaider continues to expand victimology using three information stealers
April 23, 2024, 1 p.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
By Joey Chen, Chetan Raghuprasad and Alex Karkins.
- Cisco Talos discovered a new campaign, ongoing since at least February 2024, operated by a threat actor distributing three well-known infostealers: Cryptbot, LummaC2 and Rhadamanthys.
- Talos also discovered a new PowerShell command-line argument embedded in the LNK file to bypass anti-virus products and download the final payload onto the victims’ hosts.
- This campaign uses the Content Delivery Network (CDN) cache domain as a download server, hosting the malicious HTA file …