New Malware Targets Chrome, Edge, Firefox, and Crypto Wallets
Dark web hackers are linked to a new spam campaign that targets the major search engines. The scam was reported by security researcher and ISC Handler Brad Duncan, who revealed that he has found proof that META was actively used by hacking groups in recent cyber attacks.
According to the security analysts, the newly discovered hack is being deployed to infiltrate popular web browsers, including Firefox, Microsoft Edge, and Google Chrome. While it is capable of stealing passwords stored in the search engines, the analyst also stated that it can target cryptocurrency wallets and steal stored PINs, giving criminal hackers free access to billions of stored crypto assets.
New 2022 Phishing Malware META
Reportedly, the dark web hackers use a malspam marketing campaign to mass-distribute the new 2022 META phishing malware. What’s more, the novelty of the brand-new info-stealer has made it a highly sought-after hacking tool among criminal hackers.
With its rising reputation, META ranks alongside other renowned info-stealers such as Mars Stealer and BlackGuard. These new information-stealing malware families were created by deep web hackers to fill the gap left by the defunct Raccoon Stealer’s exit. The cyber analysts tracking deep web hacking groups stated that the spamware operators wanted to capitalize on former users of the popular Raccoon Stealer platform who were searching for a replacement.
After a cyber security analyst issued a warning about the TwoEasy botnet market, Bleeping Computer reported on META and its dynamic entrance. The hacking tool is priced at $125 for a monthly membership, or $1,000 for unlimited lifetime use, and it is also promoted as a premium improvement over the RedLine model.
Excel Spreadsheet Scam
Furthermore, the improved and heavily promoted infection campaign uses the same “traditional” phishing strategy: a macro-laden Excel spreadsheet reaches potential victims as an email attachment sent to their inboxes. Once the malicious macro runs, it downloads multiple payloads, such as DLLs, from GitHub and other similar sites.
The emails make fake claims about financial transfers, a lure that has proven quite successful for deep web hacking groups in the past. Additionally, the Excel spreadsheet files contain a DocuSign bait that encourages potential victims to “enable content”, which is necessary to launch the malicious VBS macro in the background.
Malware Creates New Registry
To remain undetected by security software, some of the downloaded files are base64 encoded or have their bytes inverted. Next, the EXE file sends data to a command and control server at 193.106.191[.]162, which is clear evidence of the infection, and the infection process on the compromised machine continues even after the system reboots.
To further shield its files from detection, META alters Windows Defender through PowerShell to exclude .exe files from scanning. Finally, the full payload is assembled on the PC under the probably random name “qwveqwveqw.exe,” and a new registry entry is inserted for persistence.
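The infection chain described above leaves several host-level traces a defender can look for: an Office application spawning PowerShell, a Defender exclusion being added, a connection to the reported C2 address, and a Run-key entry pointing at the dropped executable. The following is an added example (not from the article or from the researcher's report) that runs such checks over a handful of constructed, Sysmon-style event records; the field names and sample values are assumptions made for illustration.

```python
import re

# Constructed sample telemetry (not real data): one dict per event, loosely
# modelled on Sysmon process/network/registry fields. Values echo the article.
SAMPLE_EVENTS = [
    {"type": "process", "parent": "EXCEL.EXE", "image": "powershell.exe",
     "cmdline": "powershell -w hidden Add-MpPreference -ExclusionExtension .exe"},
    {"type": "network", "image": "qwveqwveqw.exe",
     "dst_ip": "193.106.191.162", "dst_port": 80},
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\victim\AppData\Roaming\qwveqwveqw.exe"},
    {"type": "process", "parent": "explorer.exe", "image": "chrome.exe",
     "cmdline": "chrome.exe"},  # benign control record
]

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# The C2 exactly as reported (defanged); refang it once for comparison.
REPORTED_C2 = "193.106.191[.]162".replace("[.]", ".")
# Any Add-MpPreference exclusion is suspicious, not only -ExclusionExtension.
EXCLUSION_RE = re.compile(r"Add-MpPreference\s+-Exclusion(Extension|Path|Process)", re.I)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)


def check_event(ev):
    """Return a list of textual findings for one event (empty if nothing matched)."""
    findings = []
    if ev["type"] == "process":
        if ev["parent"].lower() in OFFICE_PARENTS and ev["image"].lower() in SCRIPT_HOSTS:
            findings.append(f"office app {ev['parent']} spawned {ev['image']}")
        if EXCLUSION_RE.search(ev["cmdline"]):
            findings.append("Defender exclusion added via PowerShell")
    elif ev["type"] == "network" and ev["dst_ip"] == REPORTED_C2:
        findings.append(f"{ev['image']} connected to reported C2 {ev['dst_ip']}")
    elif ev["type"] == "registry" and RUN_KEY_RE.search(ev["key"]):
        # The dropped name is described as random, so flag the key, not the name.
        findings.append(f"Run-key persistence -> {ev['value']}")
    return findings


def scan(events):
    """Return (event_index, finding) pairs for every event that raised a finding."""
    return [(i, f) for i, ev in enumerate(events) for f in check_event(ev)]


if __name__ == "__main__":
    for idx, finding in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {finding}")
```

The same checks apply to real telemetry once the field names are mapped; the C2 address is a point-in-time indicator, while the Office-to-PowerShell and Defender-exclusion checks describe behaviour and age better.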
Thus, with all steps in place, the newly installed malware gives the dark web hackers ready access to private and confidential details, which they can use to launch further criminal hacking campaigns.