BLOG CERT SOGETI ESEC

Briefing Malware - 07/12/2021

7th of December 2021 - Winners of the 49th week: Redline, Emotet and Formbook.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.


Threat statistics report

Publication date: 07/12/2021

Distribution: TLP:WHITE

What's new?

Redline (NC)

Magnat malvertising campaigns spread malicious Chrome extensions, backdoors and info stealers

Researchers at #Cisco Talos discovered a new wave of malware campaigns attributed to a threat actor tracked as #Magnat. The campaigns lure victims through #online advertising into downloading a fake installer, which infects their computer with a password stealer (#Redline), an #AutoIt-based backdoor and a malicious #browser extension dubbed #MagnatExtension that can take #screenshots or perform #keystroke logging. The extension's #C2 address is hardcoded, but the C2 can push additional addresses to it, and a #Twitter hashtag-based mechanism provides a further way to obtain a C2 address. #Magnat has been active since the end of 2018, but not continuously: it was spotted in late 2019 and at the beginning of 2020 before resurfacing in April 2021. The group primarily targets North America, Australia, Italy, Spain and Norway.
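The two capabilities attributed to the extension above, screenshots and keystroke logging, are both visible in an extension's manifest before any code is read: keystroke capture needs a content script injected into every page, and chrome.tabs.captureVisibleTab needs either the activeTab permission or host access to the page. The triage script below is an added example written for this briefing; it is not code from Cisco Talos or from the blog, and the two manifests it checks are constructed for illustration (the "suspect" one is merely shaped like an extension with those capabilities, not MagnatExtension's real manifest). It can be pointed at any unpacked extension directory's manifest.json when triaging a host suspected of carrying a malicious extension.

```python
import json

# Constructed sample manifests (illustrative only, not MagnatExtension's).
BENIGN_MANIFEST = json.dumps({
    "manifest_version": 3,
    "name": "Word counter",
    "permissions": ["storage"],
    "content_scripts": [
        {"matches": ["https://docs.example.org/*"], "js": ["count.js"]}
    ],
})

SUSPECT_MANIFEST = json.dumps({
    "manifest_version": 2,
    "name": "Safe Browsing Helper",
    "permissions": ["tabs", "<all_urls>", "storage"],
    "background": {"scripts": ["bg.js"]},
    "content_scripts": [
        {"matches": ["<all_urls>"], "js": ["hook.js"], "run_at": "document_start"}
    ],
})

# Match patterns that cover every site. Host patterns appear in "permissions"
# (manifest v2) or "host_permissions" (manifest v3); content scripts use "matches".
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def _is_broad(pattern: str) -> bool:
    return pattern in BROAD_PATTERNS


def can_keylog(manifest: dict) -> bool:
    """A content script injected into every page can attach keydown listeners."""
    return any(
        any(_is_broad(p) for p in cs.get("matches", []))
        for cs in manifest.get("content_scripts", [])
    )


def can_screenshot(manifest: dict) -> bool:
    """chrome.tabs.captureVisibleTab needs activeTab or host access to the page."""
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    return "activeTab" in perms or any(_is_broad(p) for p in perms)


def triage(manifest_json: str) -> list:
    """Return a list of human-readable findings for one manifest.json body."""
    manifest = json.loads(manifest_json)
    findings = []
    if can_keylog(manifest):
        findings.append("keystroke capture possible: content script on all URLs")
    if can_screenshot(manifest):
        findings.append("screenshot capture possible: activeTab or broad host access")
    return findings


if __name__ == "__main__":
    for name, body in (("benign", BENIGN_MANIFEST), ("suspect", SUSPECT_MANIFEST)):
        print(name, "->", triage(body) or ["no findings"])
```

The check is deliberately coarse: it flags capability, not intent, so a legitimate password manager or accessibility tool will also trip it. Use it to shortlist extensions whose background and content scripts deserve a manual read, not as a verdict.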


https://securityaffairs.co/wordpress/125297/cyber-crime/magnat-malvertising-campaigns.html


Download the report