A lesser-known Water Orthrus APT has re-appeared after a long time with two new malware families capable of performing multiple malicious activities. The new malware are tracked as Copper Stealth and CopperPhish and have been developed for different purposes, such as injecting network advertisements, acquiring personal information, and stealing crypto assets. Previously,
About CopperStealth campaign
According to Trend Micro researchers, the campaign delivering CopperStealth was observed targeting Chinese users on March 8.
- The malware was distributed via installers for free software provided on a popular Chinese software-sharing website.
- Upon execution, CopperStealth dropped a rootkit, which later injected other payloads into explorer.exe and another system process.
Then comes CopperPhish campaign
Another campaign began launching the CopperPhish phishing kit globally in April.
- It was delivered via PrivateLoader malware masquerading as advertisements on free anonymous file-sharing websites.
- After execution, the phishing kit used two different processes, namely credential verification and confirmation code, for persistence and later stole credit card information from targeted systems.
Conclusion
The two new campaigns indicate that the Water Orthrus has gone just beyond cryptocurrency stealing to harvest personal information from users. Moreover, they have come up with new tactics to expand their attacks. Organizations must leverage the updated IOCs associated with the malware families to better understand the attack campaign and implement required protection measures to stay safe.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_189084500.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/0271_shutterstock_1777955912.jpg)
