BLOG CERT SOGETI ESEC

Briefing Malware - 26/10/2021

26 October 2021 - Winners of week 43: RedLine, NjRAT and Vidar.

Some links point to extended actionable intelligence (threat bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is restricted to our clients.


Threat statistics report

Publication date: 26/10/2021

Distribution: TLP:WHITE

What's new?

RedLine (NC)

Google unmasks two-year-old phishing & malware campaign targeting YouTube users

#Google's Threat Analysis Group (TAG) released a report on a malware campaign that has targeted #YouTube creators for two years. Victims were contacted by email by a fake company offering to advertise a new product, then redirected to a malware landing page to download the supposed software. On execution, the malware stole #cookies and #credentials and uploaded them to #Command & Control servers, running in non-persistent mode (a #smash-and-grab technique) so as to leave fewer traces if it went undetected. With the stolen session cookies, #YouTube channels were hijacked and sold (from $3 to $4,000 USD) or rebranded for #cryptocurrency scam live streams that promised viewers cryptocurrency giveaways in return for an initial contribution. More than 15,000 actors and 1,000 domains have been identified in this campaign. Legitimate software such as #Cisco VPN or #Luminar was impersonated, going as far as copying the social media page of an existing company. Various information stealers were observed during the campaign, including #RedLine, #Vidar and #Raccoon, as well as open-source malware such as #Sorano and #AdamantiumThief.


https://blog.google/threat-analysis-group/phishing-campaign-targets-youtube-creators-cookie-theft-malware/
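The campaign above only pays off once a stolen session cookie is replayed from the attacker's machine (pass-the-cookie), so the first check a defender can add on the service side is whether one session ID is suddenly presented by a client that does not match the one that established it. The detector below is an added example written for this briefing; it is not code from CERT Sogeti or from Google's TAG report. The log format (timestamp|session|ip|user-agent), the field names and the sample lines are all constructed for the example.

```python
"""Flag reuse of a browser session cookie from a different client fingerprint.

Added example, not from the CERT Sogeti briefing or Google's TAG report.
The log format and the sample events below are constructed (hypothetical).
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    session_id: str
    src_ip: str
    user_agent: str


# Constructed sample log lines, hypothetical format: ts|session|ip|user-agent.
# sid-a1f3 is first used from a Windows/Chrome client, then 150 s later from a
# different IP with a Linux/Firefox user agent: the pattern of a replayed cookie.
SAMPLE_LOG = """\
2021-10-20T09:00:00|sid-a1f3|203.0.113.10|Mozilla/5.0 (Windows NT 10.0) Chrome/94.0
2021-10-20T09:05:00|sid-a1f3|203.0.113.10|Mozilla/5.0 (Windows NT 10.0) Chrome/94.0
2021-10-20T09:07:30|sid-a1f3|198.51.100.77|Mozilla/5.0 (X11; Linux x86_64) Firefox/93.0
2021-10-20T09:08:00|sid-b7c2|192.0.2.44|Mozilla/5.0 (Macintosh) Safari/605.1.15
2021-10-20T11:30:00|sid-b7c2|192.0.2.44|Mozilla/5.0 (Macintosh) Safari/605.1.15
"""


def parse_log(text: str) -> list[Event]:
    """Parse the constructed pipe-separated format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sid, ip, ua = line.split("|", 3)
        events.append(Event(datetime.fromisoformat(ts), sid, ip, ua))
    return events


def detect_cookie_replay(events, window=timedelta(minutes=30)):
    """Return (session_id, previous_ip, new_ip, delta_seconds) for each session
    whose cookie is presented from a different IP *and* a different user agent
    within `window` of its previous use.

    Requiring both to change keeps mobile roaming (IP only) and browser updates
    (user agent only) from alerting; a cookie replayed from the attacker's box
    usually changes both, and quickly.
    """
    last_seen: dict[str, Event] = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        prev = last_seen.get(ev.session_id)
        if prev is not None:
            ip_changed = prev.src_ip != ev.src_ip
            ua_changed = prev.user_agent != ev.user_agent
            delta = ev.ts - prev.ts
            if ip_changed and ua_changed and delta <= window:
                alerts.append((ev.session_id, prev.src_ip, ev.src_ip,
                               int(delta.total_seconds())))
        last_seen[ev.session_id] = ev
    return alerts


if __name__ == "__main__":
    for alert in detect_cookie_replay(parse_log(SAMPLE_LOG)):
        print("possible pass-the-cookie:", alert)
```

The check is deliberately conservative: it only compares consecutive uses of the same session ID, and it will miss an attacker who spoofs the victim's user agent, so treat a hit as a trigger for re-authentication or session revocation rather than as proof on its own.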


Download the report