Recently, researchers from Proofpoint have identified a new threat that tries to dupe people with the fake pretense of a professional-looking website, claiming to provide enhanced security. This pretense can be considered ironic, as it actually ends up deploying infostealer malware on the victim machine.

What was discovered?

Some threat actors developed a legitimate-looking website masquerading as a Privacy Tools service that claims to provide utility tools to secure personal and business data.
  • This so-called Privacy Tools service is being promoted as a zip-like utility that can encrypt user data ensuring security.
  • The website provides detailed information about the alleged services, including step-by-step instructions that guide the users to download and use the privacy tools.
  • By following the instructions, the victim eventually ends up installing the Smoke Loader malware, which is a modular downloader with multiple capabilities.
  • The Smoke Loader tool further downloads two data-stealing malware, Redline and Raccoon Stealer.

Recent infostealer attacks

In the past some time, several attackers have been observed spreading infostealer malware by using fake pretenses or other methods to lure their victims.
  • In the previous month, some attackers were found abusing some Pay-Per-Click (PPC) ads in Google’s search results that would download malicious AnyDesk, Dropbox, and Telegram packages. These fake apps would eventually infect the victims with Redline, Taurus, Tesla, and Amadey infostealer malware.
  • Earlier, some threat actors were found abusing the Microsoft Build (MSBuild) Engine to infect their victims with Remcos RAT and Quasar RAT, along with RedLine Stealer.

Conclusion

The latest campaign shed some light on the increasing amount of efforts attackers are putting into making such privacy-themed lures realistic and effective. Furthermore, the increasing use of infostealers raises concerns about the ever-growing demand for private information in the underground markets. Therefore, users are recommended to stay protected by using reliable anti-malware solutions.

Cyware Publisher

Publisher

Cyware