The threat landscape keeps evolving toward increasingly sophisticated attacks, driven by advances in technology and the shifting motivations of threat actors.
Key trends include the rise of ransomware, supply chain attacks, and the exploitation of vulnerabilities in IoT devices.
Recently, cybersecurity researchers at OALABS discovered that threat actors have been forcing victims to enter their login credentials so that they can then be stolen.
Threat Actors Forcing Victims to Enter Credentials
A sophisticated credential theft technique observed recently combines browser manipulation with traditional stealer malware.
The method has been observed since August 22, 2024. It pairs a “credential flusher” with a stealer such as “StealC.”
The flusher, typically an “AutoIt” script compiled into an executable (78f4bcd5439f72e13af6e96ac3722fee9e5373dae844da088226158c9e81a078), enumerates the installed browsers and launches the preferred one (“Chrome,” “Edge,” or “Brave”) in kiosk mode with the following Chromium command-line switches:
- `--kiosk`
- `--disable-features=TranslateUI`
- `--disable-popup-blocking`
If the victim closes the browser, the script persistently relaunches it, and it uses hotkey settings to stop the victim from escaping the kiosk window.
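The launch pattern above is visible in process-creation telemetry. The following detection helper is an added example (not OALABS' or the article's tooling) that scores constructed EDR-style events for a browser started with the three switches named in the article from an unexpected parent, and counts the relaunches that the flusher's restart loop produces; the parent allow-list and the sample URL are assumptions.

```python
"""Detect the kiosk-mode "credential flusher" browser launch described above.
Added example, not OALABS' or the article's tooling; telemetry is constructed."""
from collections import Counter
from dataclasses import dataclass

# Chromium switches the flusher passes to the browser (from the article).
FLUSHER_SWITCHES = {"--kiosk", "--disable-features=TranslateUI",
                    "--disable-popup-blocking"}
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe"}
# Parents that normally start browsers; an assumption, tune per environment.
EXPECTED_PARENTS = {"explorer.exe", "chrome.exe", "msedge.exe", "brave.exe"}

@dataclass
class ProcEvent:
    parent_image: str  # image name of the spawning process
    image: str         # image path of the new process
    cmdline: str       # full command line of the new process

def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def kiosk_switches(ev: ProcEvent) -> set:
    """Flusher switches on a browser launch; empty set if not a browser."""
    if basename(ev.image) not in BROWSER_IMAGES:
        return set()
    return FLUSHER_SWITCHES & set(ev.cmdline.split())

def detect_flusher(events):
    """One finding per suspicious parent: switches seen and relaunch count."""
    launches, seen = Counter(), {}
    for ev in events:
        sw = kiosk_switches(ev)
        if "--kiosk" not in sw or len(sw) < 2:  # lone --kiosk: normal signage use
            continue
        parent = basename(ev.parent_image)
        launches[parent] += 1
        seen.setdefault(parent, set()).update(sw)
    return [{"parent": p, "relaunches": n, "switches": sorted(seen[p]),
             "severity": "high" if p not in EXPECTED_PARENTS or n > 1 else "medium"}
            for p, n in launches.items()]

# Constructed sample: one normal Chrome start, then a flusher (named after the
# article's random.exe) relaunching Chrome three times to a placeholder URL.
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [ProcEvent("explorer.exe", CHROME, '"chrome.exe" --profile-directory=Default')]
SAMPLE_EVENTS += [ProcEvent("random.exe", CHROME, '"chrome.exe" --kiosk --disable-features=TranslateUI '
                            '--disable-popup-blocking https://login.example.com/') for _ in range(3)]

if __name__ == "__main__":
    print(*detect_flusher(SAMPLE_EVENTS), sep="\n")
```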
The accompanying stealer, such as StealC (99e3eaac03d77c6b24ebd5a17326ba051788d58f1f1d4aa6871310419a85d8af), then exfiltrates the credentials the victim has entered and the browser has saved.
The technique is deployed by the “Amadey” loader (0ec952da5d48ceb59202823d7549139eb024b55d93c2eaf98ca6fa99210b4608), which also distributes “StealC.”
Both StealC and the credential flusher were fetched from a remote server (“http://31.41.244[.]11/steam/random.exe”), so the complete attack chain begins with an Amadey infection.
Because the tactic manipulates the victim's behavior rather than intercepting input directly, it evades traditional credential theft protections, making it a significant threat in the evolving cybersecurity landscape.