New variant of MassLogger Trojan stealing Chrome, Outlook data


MassLogger was originally discovered in April 2020.


A new version of the infamous credential-stealing trojan MassLogger has resurfaced in a phishing campaign that steals credentials from instant messenger apps, MS Outlook, and Google Chrome.


The new version of the trojan targets Windows users with a compiled HTML (CHM) file, which initiates the infection chain. This format is typically used for Windows Help files, but it may also contain active script components; in this case that is JavaScript, which launches the malware operations.


Campaign active in several countries


The campaign was discovered by Cisco Talos researchers, who found that it mainly affects users in Turkey, Spain, Russia, Italy, and Latvia. The campaign has been active since mid-January.


According to the researchers, the MassLogger variant disguises its malicious RAR files at the start of the infection chain, a new move from the operators. This lets the malware sidestep detection tools that block email attachments based on the RAR extension alone.
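The two points above (a CHM file carrying script, and a RAR archive hidden behind a different extension) both defeat filters that trust the file name. As an added illustration that is not from the article or from Cisco Talos, the following content-based triage identifies RAR and CHM attachments by their public magic bytes regardless of extension; the sample attachments are constructed headers, not real malware.

```python
# Added example (not from the article or Cisco Talos): attachment triage that
# looks at the file's magic bytes rather than its extension. Signatures are the
# public ones for RAR 4.x, RAR 5 and CHM (ITSF) containers.
import os
from typing import Optional

# Magic bytes for the two container formats the article mentions.
SIGNATURES = {
    "rar4": b"Rar!\x1a\x07\x00",
    "rar5": b"Rar!\x1a\x07\x01\x00",
    "chm": b"ITSF",
}
# Extensions that legitimately carry each format.
EXPECTED_EXT = {
    "rar4": {".rar"},
    "rar5": {".rar"},
    "chm": {".chm"},
}


def sniff_format(data: bytes) -> Optional[str]:
    """Return the detected container format, or None if no signature matches."""
    for name, magic in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return None


def triage_attachment(filename: str, data: bytes) -> dict:
    """Classify an attachment by content and flag any extension mismatch."""
    fmt = sniff_format(data)
    ext = os.path.splitext(filename)[1].lower()
    mismatch = fmt is not None and ext not in EXPECTED_EXT[fmt]
    return {
        "filename": filename,
        "format": fmt,
        "extension_mismatch": mismatch,
        # Block on content: an archive or help file is blocked whatever its name.
        "block": fmt is not None,
    }


# Constructed sample attachments (headers only, not real malware).
SAMPLES = {
    "invoice.rar": b"Rar!\x1a\x07\x00" + b"\x00" * 16,
    "quote.txt": b"Rar!\x1a\x07\x01\x00" + b"\x00" * 16,  # RAR5 under a mislabelled name
    "help.chm": b"ITSF" + b"\x03\x00\x00\x00",
    "report.pdf": b"%PDF-1.7\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(triage_attachment(name, blob))
```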


Malware operators using multi-modular approach


According to a blog post published by the researchers, the malware operator(s) employ a multi-modular approach in this campaign, from the first step of the phishing email through to dropping the final payload. Although this helps them evade detection, it could also be a weakness, since defenders get plentiful opportunities to break the kill chain.

The phishing email carries a legitimate-looking, business-related subject line. For instance, one of the emails sent to users in Turkey had ..
