Phishing on the edge: Fake Adobe Flash Player update serves as a distribution channel for MrAnon Stealer

Hackers are adept at exploiting the ignorance of German users by infecting their devices with malware.

Security researchers at Fortinet have discovered a new phishing campaign targeting users in Germany that is distributing the MrAnon Stealer malware on a massive scale.

Cara Lin, a researcher at FortiGuard Labs, explained that MrAnon Stealer is a Python-based information stealer compressed using cx-Freeze to bypass detection. The program steals credentials and system information, and intercepts browser sessions and data from cryptocurrency extensions.

The information obtained by the experts indicates that the main target of this attack, as of November 2023, is Germany. The phishing emails are disguised as hotel room booking requests, and the attached PDF file, when opened, prompts the recipient to download an allegedly updated version of Flash Player, which is very funny, since Adobe itself officially discontinued support for this software several years ago.


Agreeing leads to the download and launch of .NET executable files and PowerShell scripts that eventually run MrAnon Stealer, which collects data from various applications and transmits it to the attackers.

The malware can also intercept information from instant messengers and VPN clients and upload files with certain extensions. For this functionality, the author of the infostealer, who openly distributes it on cybercrime forums, asks for $500 per month. The price may vary depending on the customer's choice of additional options, such as the type of hidden loader or crypter.

According to the researchers, the malware campaign initially distributed the Cstealer malware in July and August, but then switched to distributing MrAnon Stealer in October and November. This indicates a strategic approach that includes adapting to the current situation in the field of cybersecurity software. However, the malware distribution channel remains unchanged — phishing emails.

The Fortinet study once again demonstrates how important it is to be vigilant against phishing attacks and malware, as well as to have a basic knowledge of the current situation in the software market. After all, if the victims had known that there simply could not be any Flash Player update in 2023, they would not have clicked the ill-fated button and would have kept their data safe.

To protect yourself from such threats, you need to be careful when opening attachments and links from questionable sources. The best solution is not to open them at all. Using reliable antivirus software and regularly updating the system and applications will further improve the chances of keeping your data secure.
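An added example, not part of the original post or of Fortinet's research: a minimal static triage of PDF attachments for the lure described above, a Flash Player prompt combined with an outbound link or automatic action. The function names, keyword list and sample bytes are assumptions constructed for illustration.

```python
import re
import zlib

# Action-related PDF names that make a document clickable or auto-running.
ACTION_NAMES = (b"/URI", b"/OpenAction", b"/Launch", b"/JavaScript", b"/AA")
# Lure wording taken from the campaign described above (discontinued product).
LURE = re.compile(rb"flash\s*player", re.I)
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
URI = re.compile(rb"/URI\s*\((.*?)\)", re.S)


def _decode_names(data: bytes) -> bytes:
    """Undo #XX hex escapes, which PDF allows inside names (/J#61vaScript)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def _expand(data: bytes) -> bytes:
    """Append inflated copies of Flate streams so compressed objects are searchable."""
    parts = [data]
    for m in STREAM.finditer(data):
        try:
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate, or encrypted: keep only the raw bytes
    return b"\n".join(parts)


def triage_pdf(data: bytes) -> dict:
    body = _decode_names(_expand(data))
    names = {n.decode(): len(re.findall(re.escape(n) + rb"(?![A-Za-z])", body)) for n in ACTION_NAMES}
    uris = [u.decode("latin-1") for u in URI.findall(body)]
    lure = bool(LURE.search(body))
    # Hold for review: a lure for discontinued software plus any outbound link or action.
    suspicious = lure and (bool(uris) or names["/Launch"] > 0 or names["/OpenAction"] > 0)
    return {"names": names, "uris": uris, "lure": lure, "suspicious": suspicious}


# Constructed sample: a minimal PDF-like byte string, not a file from the campaign.
_hidden = zlib.compress(b"(Please update Adobe Flash Player to view this booking)")
SAMPLE = (b"%PDF-1.7\n1 0 obj<</Type/Annot/Subtype/Link/A<</S/U#52I"
          b"/URI(https://updates.example.invalid/fp)>>>>endobj\n"
          b"2 0 obj<</Filter/FlateDecode>>\nstream\n" + _hidden + b"\nendstream\nendobj\n%%EOF")
BENIGN = b"%PDF-1.7\n1 0 obj<</Type/Page>>endobj\n%%EOF"

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

This is keyword-level triage only: text inside object streams with other filters, encrypted documents, or lure wording rendered as an image will not be seen, so it complements rather than replaces sandbox detonation at the mail gateway.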
 