Friday, October 4, 2024
HomeComputer SecurityHackers Use Cloud Hosting Services To Deliver Malware That Steals Cryptocurrency Wallet...

Hackers Use Cloud Hosting Services To Deliver Malware That Steals Cryptocurrency Wallet Details

Published on

Hackers abuses cloud hosting services to distribute Stealer Malware by mixing it up with good ones to prevent the malware from getting blacklisted.

Researchers from Zscaler ThreatLabZ observed a popular hosting provider serving the domain used in phishing and malware attacks in wild.

Crypto-wallet Stealer Malware

Researchers found the domain http[:]//flexsell[.]ca which is hosted on IP 64[.]34[.]67[.]205 distributes weaponized word documents that contains a payload capable of stealing cryptocurrency wallet information.

- Advertisement - EHA

The Stealer Malware particularly targeting the following cryptocurrency wallets Bitcoin, Electrum, and Monero.

The weaponized word documents contain an obfuscated malicious macro which will be executed once the documents are opened and initiate the HTTP request to download the Stealer Malware without user consent.

The malware package is custom packed and hardcore, it decrypts on runtime, upon execution it collects the details such as machine ID, EXE_PATH, Windows, computer (username), screen, layouts, local time, and CPU model form the system and submit to C&C server.

Its communication with C&C server is hardcoded, on the infected machine malware searches for default location was digital wallet stored, browser cookies and login details of popular applications like Pidgin, WinSCP, and Psi+.

Microsoft and DocuSign Phishing Page

With another campaign the attackers abused the hosting services for hosting the phishing pages, attackers targeted Microsoft and DocuSign with the phishing attack.

Phishing is a fraud mechanism used to obtain sensitive data such as usernames, password, and credit card details to carry out various malicious activities.

Zscaler published the blog post contains’ complete IoC and URL’s used by attacker’s to deliver malware.

Related Read

Dangerous Android Malware that Steals Banking Credentials, Call Forwarding, Keylogging, and Ransomware Activities

Android Device With Open ADB Ports Exploited to Spread Satori Variant of Mirai Botnet

60,000 Android Devices are Infected with Malicious Battery Saver App that Steals Various Sensitive Data

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...