Crypto Drainer Malware: A Growing Threat

A Russian-Speaking Cybercrime Gang’s Active Scams

A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS Stealer (aka AMOS), and Lumma Stealer.

Overlaps with Stargazer Goblin

The activity documented by Trend Micro exhibits significant overlaps with tactics attributed to a threat actor referred to as Stargazer Goblin, which has a track record of using GitHub repositories for payload distribution. A crucial difference, however, is that this infection chain begins with infected websites that redirect visitors to malicious GitHub release links.
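As an added example (not code from the article or from Trend Micro's research), a small hunting script that flags the handoff pattern just described in web-proxy logs: a download of a GitHub release asset whose referrer is some website other than GitHub. The log layout, hosts, client addresses and repository names below are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Layout of the constructed sample (an assumption, not a real product's format):
# timestamp <TAB> client <TAB> method <TAB> url <TAB> status <TAB> referrer
SAMPLE_LOG = [
    "2025-01-01T10:00:01Z\t10.0.0.5\tGET\thttps://github.com/example-org/example-tool/releases/tag/v1.0\t200\thttps://github.com/example-org/example-tool",
    "2025-01-01T10:00:09Z\t10.0.0.5\tGET\thttps://github.com/example-org/example-tool/releases/download/v1.0/tool.zip\t302\thttps://github.com/example-org/example-tool/releases/tag/v1.0",
    "2025-01-01T10:05:33Z\t10.0.0.7\tGET\thttps://github.com/placeholder-owner/placeholder-repo/releases/download/v2/Setup.zip\t302\thttps://compromised-site.example/page",
    "2025-01-01T10:06:00Z\t10.0.0.8\tGET\thttps://example.org/blog\t200\t-",
]

# GitHub release assets are served from paths of the form
# /<owner>/<repo>/releases/download/<tag>/<file>
RELEASE_ASSET = re.compile(r"^/[^/]+/[^/]+/releases/download/[^/]+/[^/]+$")

def is_release_asset(url: str) -> bool:
    """True for a direct GitHub release-asset download URL."""
    p = urlparse(url)
    return p.hostname == "github.com" and bool(RELEASE_ASSET.match(p.path))

def external_referrer(referrer: str) -> bool:
    """True when the request arrived from a site other than GitHub.
    Referrer-less requests ('-') are left out to limit noise."""
    if referrer == "-":
        return False
    host = urlparse(referrer).hostname or ""
    return host != "github.com" and not host.endswith(".github.com")

def find_suspicious_downloads(lines):
    """Return release-asset downloads that were reached from an external
    website, i.e. the website-to-GitHub handoff the campaign relies on."""
    hits = []
    for line in lines:
        ts, client, _method, url, _status, referrer = line.split("\t")
        if is_release_asset(url) and external_referrer(referrer):
            hits.append({"time": ts, "client": client, "url": url, "referrer": referrer})
    return hits

if __name__ == "__main__":
    for hit in find_suspicious_downloads(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} {hit['referrer']} -> {hit['url']}")
```

Only the third sample line is reported: the download by 10.0.0.5 came from GitHub's own release page and is left alone.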

Evolution of Lumma Stealer

"The distribution method of Lumma Stealer continues to evolve, with the threat actor now using GitHub repositories to host malware," security researchers Buddy Tancio, Fe Cureg, and Jovit Samaniego said.

The Malware-as-a-Service Model

"The malware-as-a-service (MaaS) model provides malicious actors with a cost-effective and accessible means to execute complex cyberattacks and achieve their malicious objectives, easing the distribution of threats such as Lumma Stealer."
