216.73.216.174

Threat actors use copyright infringement phishing lure to deploy infostealers

· Published 31/10/2024 21:16 · Modified 01/11/2024 17:26

Export JSON

Essential information

Published
31/10/2024 21:16
Modified
01/11/2024 17:26
Tags
2024-10-31 copyright evasion facebook infostealer lummac2 obfuscation phishing rhadamanthys taiwan
Related entities
17 techniques (mitre), 2 malware, 4 others

Description

An unknown threat actor is conducting a campaign targeting business and advertising account users in . The campaign uses emails impersonating legal departments, claiming infringement to lure victims into downloading malware. The attackers abuse Google's Appspot domains, short URLs, and Dropbox to deliver information stealers, employing various techniques. The malware includes and stealers, which are embedded in legitimate binaries. The campaign specifically targets traditional Chinese speakers and uses well-known company names in and Hong Kong to increase credibility. The infection chain involves encrypted archives, fake PDF executables, and sophisticated loaders that employ anti-analysis techniques and ensure persistence on infected systems.

External references