An updated sample of the CopperStealer malware infecting systems via websites hosting fake cracks for apps and other software has been reported. These fake programs are abused by cyber adversaries to launch a variety of attacks.

Dropping the CopperStealer

In this attack campaign, the hackers took advantage of the demand for cracks by providing a fake cracked app that actually contained malware.
  • The infection begins with a website, or a channel such as Telegram, offering fake cracks for download and installation.
  • The downloaded archive files contain a text file with a password and another encrypted archive.
  • After the password mentioned in the text file is entered, the decrypted archive shows the executable files. 
  • In this sample, there are two files: CopperStealer and Vidar stealer.
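
A defender-side triage check for the delivery pattern described above (an archive holding a text note plus a password-protected inner archive), added here as an example and not taken from the original report. The file names, extension list and size cap are assumptions, and the sample archive is constructed in code and contains no malware.

```python
import io
import zipfile

ENCRYPTED = 0x1                         # ZIP general-purpose flag bit 0: entry is encrypted
ARCHIVE_EXTS = (".zip", ".rar", ".7z")  # assumed list of nested-archive extensions
MAX_INNER = 50 * 1024 * 1024            # assumed cap so a huge inner file is not unpacked

def inner_is_locked(outer, info):
    """True if a nested archive entry is password-protected (only ZIP is inspected)."""
    if info.flag_bits & ENCRYPTED:      # the nested archive itself is stored encrypted
        return True
    if info.file_size > MAX_INNER:
        return False
    blob = io.BytesIO(outer.read(info))
    if not zipfile.is_zipfile(blob):    # .rar/.7z need other parsers; not inspected here
        return False
    with zipfile.ZipFile(blob) as inner:
        return any(e.flag_bits & ENCRYPTED for e in inner.infolist())

def triage_download(data):
    """Flag a ZIP that pairs a text note with a password-protected inner archive."""
    notes, locked = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as outer:
        for info in outer.infolist():
            name = info.filename.lower()
            if name.endswith(".txt"):
                notes.append(info.filename)
            elif name.endswith(ARCHIVE_EXTS) and inner_is_locked(outer, info):
                locked.append(info.filename)
    return {"notes": notes, "locked_archives": locked,
            "suspicious": bool(notes and locked)}

def build_sample():
    """Constructed sample: a note plus an inner ZIP whose entry is flagged encrypted."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("setup.exe", b"placeholder bytes, not a real program")
        # Set the flag in the central directory only; nothing is actually encrypted.
        z.getinfo("setup.exe").flag_bits |= ENCRYPTED
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("password.txt", "password: 1234")
        z.writestr("installer.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    print(triage_download(build_sample()))
```

A hit is only a reason to quarantine the download and inspect it further, since legitimate software is sometimes shipped the same way.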

How can CopperStealer and Vidar stealer harm your systems?

Multiple system infections, serious privacy concerns, money losses, and identity theft can all be brought on by CopperStealer and Vidar stealer.

CopperStealer
CopperStealer’s main function is to steal saved login information (usernames and passwords) and internet cookies from certain browsers.
It mostly targets the login information for Facebook and Instagram accounts with a business focus.
  • CopperStealer variants also go after login information for platforms and services including Twitter, Tumblr, Apple, Amazon, and Bing.
  • Google Chrome, Microsoft Edge, Mozilla Firefox, Opera, and Yandex are among the browsers from which the malware can steal Facebook-related credentials.

Vidar stealer
The primary vectors for spreading this malware are via pirated software and targeted phishing campaigns. 
  • Vidar stealer has the ability to steal credit cards, usernames, passwords, and files, as well as take screenshots of the user's desktop. 
  • Vidar steals information from a variety of browsers and other system apps.
  • It can also steal wallets for cryptocurrencies such as Bitcoin and Ethereum.

Closing lines

Data stealers such as CopperStealer can be used by attackers to steal sensitive information for more illicit purposes. Users can stay safe by following the steps below:
  • Avoid downloading cracks from third-party websites.
  • Keep your systems constantly patched through the latest updates.
  • It is highly recommended to enable security detection and prevention solutions to protect systems from threats.
Cyware Publisher
