Cred-stealing trojan harvests logins from Chromium browsers, Outlook and more, warns Cisco Talos

Cisco Talos has uncovered a credential-stealing trojan that lifts your login details from the Chrome browser, Microsoft's Outlook and instant messengers.


Delivered through phishing emails, the latest variant of the Masslogger trojan arrives in a multi-volume RAR archive with .r00 extensions that carries a file in the .chm format, said Switchzilla’s security research arm.

“CHM is a compiled HTML file that contains an embedded HTML file with JavaScript code to start the active infection process. Every stage of the infection is obfuscated to avoid detection using simple signatures,” it said.


Opening the “help” file deploys the malware onto the target system.
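For mail filtering, the delivery described above can be caught by judging attachments on their leading bytes rather than their names. The following is an added example, not code from Cisco Talos or the original article: it flags RAR archives that carry an old-style volume extension such as .r00 and loose CHM files, using the published RAR and CHM file signatures; the function names and the sample message are constructed for illustration, and it does not unpack archives to look inside them.

```python
import re
from email.message import EmailMessage

RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")  # RAR4, RAR5 signatures
CHM_MAGIC = b"ITSF"                                            # compiled HTML Help signature
OLD_VOLUME_EXT = re.compile(r"\.r\d{2}$", re.IGNORECASE)       # .r00, .r01, ...


def classify_attachment(filename, data):
    """Return findings for one attachment, judged by content before name."""
    findings = []
    name = filename or ""
    if data.startswith(RAR_MAGICS):
        findings.append("rar-archive")
        if OLD_VOLUME_EXT.search(name):
            # RAR content under a volume extension slips past ".rar" name filters
            findings.append("rar-volume-extension")
        elif not name.lower().endswith(".rar"):
            findings.append("rar-extension-mismatch")
    if data.startswith(CHM_MAGIC):
        findings.append("chm-file")
    return findings


def triage_message(msg):
    """Map attachment filename -> findings; clean attachments are omitted."""
    report = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        findings = classify_attachment(part.get_filename(), data)
        if findings:
            report[part.get_filename()] = findings
    return report


def build_sample():
    """Constructed message: attachments hold only file signatures, no real archive."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(RAR_MAGICS[0] + b"\x00" * 16, maintype="application",
                       subtype="octet-stream", filename="inquiry.r00")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg


if __name__ == "__main__":
    print(triage_message(build_sample()))
```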

Cisco Talos added: “Masslogger is a credential stealer and keylogger with the ability to exfiltrate data through SMTP, FTP or HTTP protocols. For the first two, no additional server-side components are required, while the exfiltration over HTTP is done through the Masslogger control panel ..
