216.73.216.86

SVG Phishing hits Ukraine with Amatera Stealer, PureMiner

· Published 26/09/2025 20:06 · Modified 29/09/2025 09:24

Export JSON

Essential information

Published
26/09/2025 20:06
Modified
29/09/2025 09:24
Tags
2025-09-26 amatera stealer chm countloader cryptomining data theft fileless hta loader phishing pureminer svg ukraine
Related entities
7 techniques (mitre), 3 malware, 2 others

Description

A campaign targeting Ukrainian government entities uses malicious files to initiate an infection chain. The attack begins with emails containing attachments that redirect victims to a download site. A file is then used to execute a remote , which delivers two malware payloads: and . harvests extensive information from infected systems, including credentials, system data, application data, browser files, and cryptocurrency wallets. collects hardware information and monitors system activity to deploy efficient CPU or GPU mining modules. The campaign demonstrates sophisticated techniques, including malware delivery and the use of multiple stages to evade detection.

External references