Threat Actor Distributes Python-Based Info Stealer Using Fake Update
Essential information
- Published: 29/07/2024 11:29
- Modified: 29/07/2024 12:03
- Tags: 2024-07-29 connecio falcon stealer
- Related entities: 30 observables, 4 techniques (mitre), 1 malware
Description
An unidentified threat actor exploited the July 19, 2024 Falcon sensor content issue to distribute a Python-based information stealer named Connecio. The malware was delivered via a malicious ZIP file masquerading as a Falcon update. Connecio collects system information and browser data and exfiltrates them over SMTP to attacker-controlled accounts. It also contains clipboard-hijacking functionality related to cryptocurrency addresses.