{
  "name": "How Cracks and Installers Bring Malware to Your Device",
  "slug": "how-cracks-and-installers-bring-malware-to-your-device",
  "description": "Trend Micro research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data.",
  "published": "2025-01-14T14:22:07+00:00",
  "created_at": "2025-01-14T14:22:07+00:00",
  "modified_at": "2025-01-15T18:48:36+00:00",
  "created_at_opencti": "2025-01-14T14:22:07+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-01-14",
    "amadey",
    "c2 servers",
    "cyber threats",
    "domains",
    "hashes",
    "ioc",
    "lummastealer",
    "malware detection",
    "marsstealer",
    "penguish",
    "privateloader",
    "revil",
    "rugmi",
    "sodin",
    "sodinokibi",
    "urls",
    "vidar"
  ],
  "related_entities": {
    "malware": [
      {
        "id": "legacy:malware:f0c1a6500747f4ec",
        "name": "MARSSTEALER",
        "slug": "marsstealer"
      },
      {
        "id": "legacy:malware:b4175f4afe1858a7",
        "name": "RUGMI",
        "slug": "rugmi"
      },
      {
        "id": "legacy:malware:c1277afa12f60ece",
        "name": "Sodinokibi",
        "slug": "sodinokibi"
      },
      {
        "id": "legacy:malware:0e7b3cd3a32a0ac9",
        "name": "Sodin",
        "slug": "sodin"
      },
      {
        "id": "legacy:malware:b89e429cb9782a4a",
        "name": "REvil - S0496",
        "slug": "revil-s0496"
      },
      {
        "id": "legacy:malware:22cebae9fb28ad81",
        "name": "LummaStealer",
        "slug": "lummastealer"
      },
      {
        "id": "0100163d-057d-4bd9-9194-f30e39c9fc53",
        "name": "PENGUISH",
        "slug": "penguish"
      },
      {
        "id": "legacy:malware:760697ec60a50988",
        "name": "Amadey - S1025",
        "slug": "amadey-s1025"
      },
      {
        "id": "2c582ed8-35df-4ef9-917d-994e214aa5f9",
        "name": "Vidar",
        "slug": "vidar"
      },
      {
        "id": "legacy:malware:1530123b33559dbd",
        "name": "PrivateLoader",
        "slug": "privateloader"
      }
    ],
    "attack_patterns": [
      {
        "id": "2ccc4626-0e86-4148-a5a8-2aa270e22dbd",
        "name": "T1588.001"
      },
      {
        "id": "6a146066-5a78-493c-a26a-133b62c1149e",
        "name": "T1588.002"
      },
      {
        "id": "e7d42089-23ed-495f-a2bc-c942c4e56fb7",
        "name": "T1573.002"
      },
      {
        "id": "5999052b-e9ae-49e8-9235-d9bf975c22af",
        "name": "T1547.001"
      },
      {
        "id": "93b2c4dd-5523-4464-8976-78754ee372fd",
        "name": "T1012"
      },
      {
        "id": "667462db-9031-48eb-893a-05d35f9330a7",
        "name": "T1056.001"
      },
      {
        "id": "c9ee9b30-ba84-4c24-95e9-e8242d42af3f",
        "name": "T1071.001"
      },
      {
        "id": "196f2a64-c55b-47a6-8e38-beb76ba700b6",
        "name": "T1204.002"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "c473a756-355a-42ad-a0df-cd3a8fa006d1",
        "name": "T1057"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "09124a92-c11f-4571-b35b-ab0bce6dd081",
        "name": "T1112"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://www.trendmicro.com/en_us/research/25/a/how-cracks-and-installers-bring-malware-to-your-device.html",
    "https://documents.trendmicro.com/assets/txt/Fakeinstallers-IOCswCQX6fX.txt",
    "https://otx.alienvault.com/pulse/6786811f4d9b099bed66338e"
  ]
}