Articles Archive

Infostealer Logs to Fuel a New Wave of AWS Ransomware Attacks

Introduction Recent research from Halcyon has uncovered a novel approach by a threat actor — referred to as Codefinger — who is actively abusing Amazon Web Services (AWS) by leveraging…

Jan 14, 2025 5 min read

Blog Post

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit

In December 2024, two critical vulnerabilities in Microsoft's Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft’s monthly Patch Tuesday release. Both vulnerabilities were deemed as highly significant due…

Jan 13, 2025 4 min read

Blog Post

Telefonica Breach: Infostealer Malware Opens Door for Social Engineering Tactics

Telefonica, a major telecommunications company, recently confirmed a breach in their internal ticketing system, which led to a significant data leak. The breach involved unauthorized access…

Jan 11, 2025 4 min read

Blog Post

“Can you try a game I made?” Fake Game Sites Lead to Information Stealers

The background and the IOCs for this blog were gathered by an Expert helper on our forums and Malwarebytes researchers. Our thanks go out to them.…

Jan 5, 2025 4 min read

Blog Post

Silent Threats, Strategic Insights: Harnessing Info Stealer Data for Better Decisions

The cybersecurity landscape is rife with challenges, but some threats are quieter, subtler — and deadlier. Info stealers, the silent operators of the malware world, have…

Jan 2, 2025 19 min read

Blog Post

North Korean Hackers Adopt Infostealer Spreading Tactics in Latest Campaign

In a recent campaign, North Korean threat actors have demonstrated a sophisticated approach by copying novel malware distribution techniques, notably those employed in the Clickfix campaigns.…

Dec 28, 2024 4 min read

Blog Post

Lumma 2024: Dominating the Info-Stealer Market

In this blog, we analyze the evolution of Lumma in 2024, based on the Diamond Model vertices. Disclaimer: Everything stated in this blog is for informational…

Dec 28, 2024 11 min read

Blog Post

Interview with Pryx Part 2: Diving Deeper into Server-Side Stealers & Other Interesting Chit-chats (Video Included)

In our previous interview with Pryx, the threat actor briefly touched upon the concept of server-side stealers claiming it to be completely different from how traditional info-stealers…

Dec 22, 2024 7 min read

Blog Post

A Multi-Actor Infrastructure Investigation (Mapping the Malware Maze)

Another finding by Fox, related to LummaC2 infostealer sparked an infra hunt that led to many findings. C2 Host Pivot & Windows Server Pattern Following the finding…

Dec 21, 2024 4 min read

Blog Post

Profiling CSAM Consumers Using Infostealers Data

If there is one type of content strictly banned and monitored across every platform on the internet, it is the CSAM (Child Sexual Abuse Material). For…

Dec 21, 2024 9 min read

Blog Post

Server-Side Infostealers: How Initial Access Broker Pryx is Revolutionizing Infostealers

In a recent interview given to Osint10x , “Pryx”, the admin of the Hellcat Ransomware Group, shared insights into their methods, their vision for the future of…

Dec 17, 2024 5 min read

Blog Post

“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising

Guardio Labs tracked and analyzed a large-scale fake captcha campaign distributing a disastrous Lumma info-stealer malware that circumvents general security measures like Safe Browsing. Entirely reliant…

Dec 16, 2024 23 min read