Double Trouble: Latrodectus And ACR Stealer Observed Spreading Via Google Authenticator Phishing Site
Essential information
- Published
- 20/08/2024 09:06
- Modified
- 20/08/2024 09:25
- Tags
- 2024-08-20 acr stealer cybersecurity downloader latrodectus malware phishing stealer
- Related entities
- 6 vulnerabilities (cve), 15 observables, 10 techniques (mitre), 2 malware
Description
The Cyble Research and Intelligence Lab (CRIL) discovered a sophisticated phishing website mimicking Google Safety Centre, designed to trick users into downloading malware. The malware, compromising security and stealing sensitive information, drops two threats: Latrodectus, which maintains persistence and collects user data; and ACR Stealer, which employs Dead Drop Resolver to obscure its Command and Control server. Latrodectus shows ongoing development with encryption key updates and new commands.