CryptBot and Allies: CoralRaider's Global Malware Blitz via CDN Cache

April 25, 2024
  • A sophisticated malware campaign, active since February 2024, is distributing CryptBot, LummaC2, and Rhadamanthys stealers.

  • The malicious software is being spread by CoralRaider, a threat actor targeting a wide range of business sectors internationally.

  • The malware is disguised as movie files and hosted on CDN cache domains, which makes it harder to detect and block.

  • Victims are being tricked into downloading the malware through drive-by downloads initiated by phishing emails.

  • The attack uses a PowerShell loader script that bypasses User Account Control (UAC) via the FodHelper bypass technique.

  • Once installed, the malware harvests extensive personal data, including system info, browser data, credentials, cryptocurrency wallets, and financial details.

  • The latest version of CryptBot adds anti-analysis measures and can now target password managers and authenticator apps, extending its data theft capabilities.

Summary based on 1 source

