
Part 2: Compromised WordPress Pages and Malware Campaigns

· Published 16/05/2025 08:51 · Modified 21/05/2025 21:24


Essential information

Tags
2025-05-16 android credential-theft phishing proton66 ransomware remcos strela stealer weaxor wordpress xworm
Related entities
45 observables, 11 techniques (mitre), 4 malware, 12 others

Description

This analysis focuses on malware campaigns linked to , particularly those targeting devices through compromised WordPress websites. The threat actors used redirector scripts to target users from various countries, mimicking the Google Play Store. The campaign also targeted Korean-speaking users through fake investment chat rooms. The targeted email clients in German-speaking countries, while the , a revised version of Mallox, was also observed. The report details the infection chains, lists IOCs, and recommends blocking the CIDR ranges associated with and Chang Way Technologies to mitigate the risk.
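The mitigation the report recommends, blocking the CIDR ranges attributed to the hosting providers, as an added example that is not from the report: a Python sweep of connection logs against a CIDR blocklist, with the same list rendered as nftables drop rules. The CIDRs are RFC 5737 documentation ranges standing in for the report's IOCs, and the log format, hostnames and addresses are constructed assumptions; substitute the ranges from the report's IOC list before use.

```python
"""Match connection logs against a CIDR blocklist and render nftables rules.

Added example. The CIDRs below are RFC 5737 documentation ranges used as
placeholders, NOT the ranges the report attributes to any hosting provider.
"""
import ipaddress
import re

# Constructed placeholder blocklist; replace with the CIDRs from the report.
BLOCKED_CIDRS = [
    "192.0.2.0/24",
    "198.51.100.0/25",
    "203.0.113.64/26",
]

# Constructed proxy/firewall log lines (assumed format):
# "<timestamp> <src_ip> -> <dst_ip>:<port> <sni_or_host>"
SAMPLE_LOGS = [
    "2025-05-16T08:51:00Z 10.0.0.15 -> 192.0.2.77:443 play-store-update.example",
    "2025-05-16T08:51:02Z 10.0.0.15 -> 172.217.16.142:443 play.google.com",
    "2025-05-16T08:52:10Z 10.0.0.22 -> 198.51.100.9:80 cdn.example",
    "2025-05-16T08:53:45Z 10.0.0.22 -> 198.51.100.200:443 legit.example",  # outside the /25
    "2025-05-16T08:54:00Z 10.0.0.31 -> 203.0.113.70:8080 -",
    "malformed line that should be skipped",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>[0-9a-fA-F.:]+):(?P<port>\d+)\s+(?P<host>\S+)$"
)


def build_blocklist(cidrs):
    """Parse CIDR strings once; strict=False tolerates host bits set in the input."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def matching_network(ip, networks):
    """Return the first blocklisted network containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for net in networks:
        # Version check avoids comparing v4 addresses against v6 ranges.
        if addr.version == net.version and addr in net:
            return net
    return None


def find_hits(lines, networks):
    """Return one record per log line whose destination falls in a blocked range."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip unparseable lines instead of aborting the sweep
        net = matching_network(m["dst"], networks)
        if net is not None:
            hits.append({
                "ts": m["ts"], "src": m["src"], "dst": m["dst"],
                "port": int(m["port"]), "host": m["host"], "cidr": str(net),
            })
    return hits


def nft_rules(cidrs, table="inet filter"):
    """Render nft commands dropping traffic to (output) and from (input) each range.

    For large lists a named set is preferable; per-range rules keep the example
    readable and give a per-range counter.
    """
    rules = []
    for net in build_blocklist(cidrs):
        fam = "ip" if net.version == 4 else "ip6"
        rules.append(f"nft add rule {table} output {fam} daddr {net} counter drop")
        rules.append(f"nft add rule {table} input {fam} saddr {net} counter drop")
    return rules


if __name__ == "__main__":
    nets = build_blocklist(BLOCKED_CIDRS)
    for h in find_hits(SAMPLE_LOGS, nets):
        print(f"{h['ts']} {h['src']} -> {h['dst']}:{h['port']} ({h['host']}) in {h['cidr']}")
    print("\n".join(nft_rules(BLOCKED_CIDRS)))
```

Run the sweep over exported proxy or firewall logs first to see which internal hosts already talk to the blocked ranges (those are the candidates for the report's infection chains), then apply the rendered rules; the `counter` keyword lets you confirm the drops are actually firing.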

External references