Newly discovered botnet malware called SquirtDanger is widely Distributing, selling, and trading in the global underground market and infect the victims to steal the sensitive information.
This Malware was created by the well-known Russian cybercriminal “TheBottle” who is actively creating dangerous malware families and selling it to underground forums.
Beside of this SquirtDanger investigation, TheBottle creating several malware families, including Odysseus Project, Evrial, Ovidiu Stealer, and several others.
SquirtDanger is heavily obfusticated malware family that is written in C# (C Sharp) and has multiple layers of embedded code.
SquirtDanger Malware has an ability to perform following Malicious Activities.
This Malware ability to steal Passwords from Chrome, Firefox, Yandex Browser, Kometa, Amigo, Torch, Opera.
Also has the ability to seek out wallets for various cryptocurrencies such as Litecoin, Bitcoin, Bytecoin, Dash, Electrum Ethereum, Monero.
The Malware coder “TheBottle” has placed this malware code in GitHub repository and that was confirmed by the Paloalto researchers based on the investigation.
A Group of Cyber Criminals are actively contributing to the most dangerous cyber crimes such as coordinating attacks, developing malicious code, and trading/selling access to several different botnets and builders.
A Telegram channel exposing A group of 900 individuals are helping each other for various cyber attacks most of whom appear to be Russian.
Also, this telegram group appears to be some interesting prolific actors who have developed most sophisticated Malware and selling into underground markets.
This Malware distributing as SquirtDanger.dll and Written in C# (C Sharp) language to infect the target Victims and it schedules a task to run each and every min on the compromised computer.
According to PaloAlto Networks Investigation ,Once the installation phase has completed and the malware is found to be executed from the correct location, a new mutex will be created to ensure only one instance of the malware is run at a given time. The following two mutexes have been observed across all analyzed samplesOmagarable
- Aweasome
- DendiBotnet
Later SquirtDanger establish a communication over 119 unique C2 servers that were geographical to share the stolen data into malware author, at the same time it will attempt to obtain a list of additional modules to install.
The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…
White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…
Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…
The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…
Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…
WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…