CoralRaider Cyber Threat: Global Phishing Attacks Deploy Trio of Stealthy Info Stealers
April 24, 2024
CoralRaider, a likely Vietnamese threat actor identified by Cisco's Talos, uses multiple information stealers to target global users.
Since 2023, CoralRaider has expanded its operations to a broad range of countries, including Ecuador, Egypt, Germany, Japan, and the US.
The attack vector is phishing emails with malicious links leading to ZIP files that initiate a sophisticated multi-stage infection.
The malware used includes CryptBot, LummaC2, and Rhadamanthys, which aim to steal browser data, cryptocurrency wallet info, and other sensitive data.
CoralRaider leverages a CDN cache to host malicious files, aiding in evasion of detection and complicating network defense efforts.
A wide range of users and business sectors are at risk due to the methods and scope of CoralRaider's phishing and malware distribution.
Summary based on 1 source
Source

SecurityWeek • Apr 24, 2024
Threat Actor Uses Multiple Infostealers in Global Campaign