Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
In December 2024, two critical vulnerabilities in Microsoft’s Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft’s monthly Patch Tuesday release. Both vulnerabilities were deemed as highly significant due to the widespread use of LDAP in Windows environments: In this blog entry, we discuss a fake proof-of-concept (PoC) exploit for CVE-2024-49113 (aka LDAPNightmare) designed to lure security researchers […]
Telefonica Breach: Infostealer Malware Opens Door for Social Engineering Tactics
Telefonica, a major telecommunications company, recently confirmed a breach in their internal ticketing system, which led to a significant data leak. The breach involved unauthorized access and extraction of sensitive information, including a vast amount of employee and operational data. Infostealer Malware and Social Engineering Tactics New information has emerged indicating that the breach was […]
“Can you try a game I made?” Fake Game Sites Lead to Information Stealers
The background and the IOCs for this blog were gathered by an Expert helper on our forums and Malwarebytes researchers. Our thanks go out to them. A new, malicious campaign is making the rounds online and it starts simple: Unwitting targets receive a direct message (DM) on a Discord server asking about their interest in […]
Silent Threats, Strategic Insights: Harnessing Info Stealer Data for Better Decisions
The cybersecurity landscape is rife with challenges, but some threats are quieter, subtler — and deadlier. Info stealers, the silent operators of the malware world, have made headlines for their efficiency in siphoning off sensitive data. While their mechanics and prevalence are well-documented, the real question for decision-makers is not just what these threats are but how to effectively […]
North Korean Hackers Adopt Infostealer Spreading Tactics in Latest Campaign
In a recent campaign, North Korean threat actors have demonstrated a sophisticated approach by copying novel malware distribution techniques, notably those employed in the Clickfix campaigns. This strategy underscores their adaptability and awareness of cybercrime trends. The Attack Sequence The operation initiates with the attackers posing as recruiters on professional networking platforms like LinkedIn. They […]
Lumma 2024: Dominating the Info-Stealer Market
In this blog, we analyze the evolution of Lumma in 2024, based on the Diamond Model vertices. Disclaimer: Everything stated in this blog is for informational purposes only, with no intention of promoting the use of these products. Key Points Adversary Lumma (aka LummaC2, Lummac and Lumma Stealer) is an advanced information-stealing Malware-as-a-Service (MaaS) with Russian […]
Interview with Pryx Part 2: Diving Deeper into Server-Side Stealers & Other Interesting Chit-chats (Video Included)
In our previous interview with Pryx, the threat actor briefly touched upon the concept of server-side stealers claiming it to be completely different from how traditional info-stealers work. We were interested in learning more about this new innovative approach so we decided to dive deeper in a follow-up chat-based interview. This time, Pryx not only explained […]
A Multi-Actor Infrastructure Investigation (Mapping the Malware Maze)
Another finding by Fox, related to LummaC2 infostealer sparked an infra hunt that led to many findings. C2 Host Pivot & Windows Server Pattern Following the finding of X user Fox_threatintel, we can see that there are 17 hosts matching the query for specific nginx versions running on port 19000. What stands out immediately are the findings […]
Profiling CSAM Consumers Using Infostealers Data
If there is one type of content strictly banned and monitored across every platform on the internet, it is the CSAM (Child Sexual Abuse Material). For this reason, those who seek to consume such content must turn to very specific channels to access it. Across mainstream platforms like social media, websites on the clear web, […]
Server-Side Infostealers: How Initial Access Broker Pryx is Revolutionizing Infostealers
In a recent interview given to Osint10x , “Pryx”, the admin of the Hellcat Ransomware Group, shared insights into their methods, their vision for the future of infostealers, and how server-side innovations are reshaping the game. Breaking Down the Traditional Infostealer Model Traditionally, infostealers rely on client-side operations, with malicious payloads deployed directly on victim machines. […]
“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising
Guardio Labs tracked and analyzed a large-scale fake captcha campaign distributing a disastrous Lumma info-stealer malware that circumvents general security measures like Safe Browsing. Entirely reliant on a single ad network for propagation, this campaign showcases the core mechanisms of malvertising — delivering over 1 million daily “ad impressions” and causing thousands of daily victims to lose their […]
Tracking the FBI’s Most Wanted: “RedLine” Info-Stealer Creator Maxim Rudometov
A coalition of international law enforcement agencies has been investigating the creator and distributor of the notorious infostealer variant RedLine in an operation codenamed “Operation Magnus.” RedLine, a MaaS (Malware-as-a-Service), has stolen sensitive data from millions of users worldwide, including credit card information, browser history, autofill form data, emails, and passwords. Active since 2020, RedLine […]