stolen information Archives

Tech Optimizer

November 8, 2024

New malware SteelFox targets Windows users through fake software activators

A new malware named "SteelFox" is targeting Windows users by using counterfeit software activators to infiltrate systems, leading to cryptocurrency mining and data theft. Since February 2023, it has spread rapidly, primarily through torrent sites and online forums, masquerading as legitimate software cracks for programs like AutoCAD and Foxit PDF Editor. Upon installation, it deploys a risky driver called WinRingO.sys, exploiting vulnerabilities CVE-2021-41285 and CVE-2020-14979, which allows attackers to gain full access to the infected computer. The malware uses XMRig for crypto mining, causing performance issues and increased utility bills, while also stealing sensitive data from over 13 web browsers. Countries with high infection rates include Mexico, Brazil, Russia, China, and India. Kaspersky has blocked over 11,000 attempted attacks, but the actual number of infections may be much higher. To protect against SteelFox, users are advised to download software only from verified sources, maintain updated antivirus software, avoid pirated software, and keep systems current with security patches.

Winsage

October 14, 2024

Middle Eastern nations targeted by dangerous “OilRig” malware

Iranian threat actors, specifically a group known as OilRig (also referred to as APT43 or Cobalt Gipsy), are actively seeking login credentials to infiltrate organizations and personal systems in the UAE and the Gulf region. They target vulnerable servers to deploy web shells, allowing them to execute PowerShell commands and introduce malware. One vulnerability exploited is CVE-2024-30088, a Windows Kernel Elevation of Privilege flaw with a high base score of 7.0, which was patched by Microsoft in June 2024. This vulnerability enables attackers to escalate privileges and extract sensitive information. The malware used in these operations is STEALHOOK, an infostealer that exfiltrates data to a command and control server and can blend stolen information with legitimate data. OilRig is state-sponsored and primarily targets the energy sector, with connections to another Iranian APT group, FOX Kitten, involved in ransomware. Despite evidence of exploitation related to CVE-2024-30088, the US Cybersecurity and Infrastructure Agency (CISA) has not included it in its Known Exploited Vulnerabilities catalog.

AppWizard

September 6, 2024

Found: 280 Android apps that use OCR to steal cryptocurrency credentials

Researchers have identified over 280 malicious applications that exploit optical character recognition (OCR) technology to steal cryptocurrency wallet credentials from compromised Android devices. These apps, disguised as legitimate services, harvest sensitive information like text messages and images but are not found on Google Play, indicating distribution via phishing and dubious websites. The malware uses OCR to extract mnemonic phrases from images, making it easier for attackers to access cryptocurrency wallets. A McAfee researcher uncovered a server with stolen data due to poor security configurations, revealing the attackers' focus on capturing recovery phrases. The malware has evolved to use sophisticated communication methods and obfuscation techniques, complicating detection efforts. Initially targeting South Korea, the malware's recent emergence in the UK indicates a geographic expansion of its operations.

AppWizard

July 15, 2024

Hackers stole 1.2TB of internal data from Disney

Disney has been the victim of a cyberattack by the hacktivist group NullBulge, resulting in the theft of 1.2TB of data, including unreleased projects, raw images, code, logins, and internal API/web pages.