Suspected CoralRaider continues to expand victimology using three information stealers
April 23, 2024, 1 p.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
By Joey Chen, Chetan Raghuprasad and Alex Karkins.
- Cisco Talos discovered a new campaign, ongoing since at least February 2024, operated by a threat actor distributing three famous infostealer malware families, including Cryptbot, LummaC2 and Rhadamanthys.
- Talos also discovered a new PowerShell command-line argument embedded in the LNK file to bypass anti-virus products and download the final payload onto the victims’ hosts.
- This campaign uses the Content Delivery Network (CDN) cache domain as a download server, hosting the malicious HTA file …