A new piece of information-stealing malware called OpcJacker has been spotted in the wild since the second half of 2022 as part of a malvertising campaign.
"OpcJacker's main capabilities include keylogging, taking screenshots, stealing sensitive data from browsers, loading additional modules, and replacing cryptocurrency addresses in the clipboard for hijacking purposes," Trend Micro researchers Jaromir Horejsi and Joseph C. Chen said.
The initial vector of the campaign involves a network of fake websites advertising seemingly innocuous software and cryptocurrency-related applications. The February 2023 campaign specifically singled out users in Iran under the pretext of offering a VPN service.
The installer files act as a conduit to deploy OpcJacker, which is also capable of delivering next-stage payloads such as NetSupport RAT and a hidden virtual network computing (hVNC) variant for remote access.
OpcJacker is concealed using a crypter known as Babadeda and makes use of a configuration file to activate its data harvesting functions. It can also run arbitrary shellcode and executables.
"The configuration file format resembles a bytecode written in a custom machine language, where each instruction is parsed, individual opcodes are obtained, and then the specific handler is executed," Trend Micro said.
Given the malware's ability to steal crypto funds from wallets, the campaigns are suspected to be financially motivated. That said, OpcJacker's versatility also makes it an ideal malware loader.
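The clipboard-hijacking behaviour described above (a "clipper" swapping a copied wallet address for an attacker-controlled one) leaves a detectable trace on the endpoint: the clipboard changes from one cryptocurrency address to a different address of the same family without any user copy event. The following Python is an added, defender-side example, not code from the Trend Micro report or from OpcJacker itself. It assumes a monitor that samples the clipboard and records whether each change coincided with a user copy event; the snapshot list, the "user"/"unknown" source labels and the ETH placeholder addresses are constructed for the example, and the Bitcoin address is the well-known genesis-block address used only as a known-valid Base58Check value.

```python
import hashlib
import re

# Base58 alphabet used by legacy Bitcoin addresses.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58decode(s):
    """Decode a Base58 string to bytes, preserving leading zero bytes ('1')."""
    n = 0
    for ch in s:
        n = n * 58 + B58_ALPHABET.index(ch)  # ValueError on a non-alphabet char
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + raw


def is_valid_base58check(s):
    """True if s is a 25-byte Base58Check payload with a correct double-SHA256 checksum."""
    try:
        data = b58decode(s)
    except ValueError:
        return False
    if len(data) != 25:
        return False
    payload, checksum = data[:-4], data[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def classify_address(value):
    """Return the address family a clipboard value belongs to, or None if it is not an address.
    EIP-55 mixed-case checksums for Ethereum are deliberately not enforced here."""
    v = value.strip()
    if re.fullmatch(r"0x[0-9a-fA-F]{40}", v):
        return "eth"
    if re.fullmatch(r"bc1[a-z0-9]{39,59}", v):
        return "btc-bech32"
    if re.fullmatch(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}", v) and is_valid_base58check(v):
        return "btc-legacy"
    return None


def detect_clipper_swaps(snapshots):
    """Flag clipboard changes that match clipper behaviour: the previous value was a
    cryptocurrency address, the new value is a different address of the same family,
    and the change was not caused by a user copy event (source != "user")."""
    alerts = []
    prev_value, prev_family = None, None
    for source, value in snapshots:
        family = classify_address(value)
        if (source != "user" and prev_family is not None
                and family == prev_family and value != prev_value):
            alerts.append({"copied": prev_value, "now": value, "family": family})
        prev_value, prev_family = value, family
    return alerts


# Constructed clipboard history (hypothetical monitor output): (source, value).
# "user" = the change coincided with a user copy event; "unknown" = it did not.
SNAPSHOTS = [
    ("user", "meeting notes for Tuesday"),
    ("user", "0x52908400098527886E0F7030069857D2E4169EE7"),      # user copies an ETH address
    ("unknown", "0x1111111111111111111111111111111111111111"),   # replaced with no copy event
    ("user", "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),              # user copies a BTC address
    ("user", "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),              # same value again: no alert
    ("unknown", "some pasted text"),                             # not an address: no alert
]

if __name__ == "__main__":
    for alert in detect_clipper_swaps(SNAPSHOTS):
        print("possible clipboard hijack:", alert)
```

The same-family check matters because a clipper that swapped a Bitcoin address for an Ethereum one would be noticed immediately by the victim; the swap is only useful to the attacker when the replacement looks like what was copied. Validating the Base58Check checksum also keeps random strings that happen to match the legacy-address character class from generating noise.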
The findings come as Securonix disclosed details of an ongoing attack campaign dubbed TACTICAL#OCTOPUS that targets U.S. entities with tax-themed lures to infect them with backdoors to gain access to victim systems as well as capture clipboard data and keystrokes.
In a related development, Italian and French users searching for cracked versions of PC maintenance software such as EaseUS Partition Master and Driver Easy Pro on YouTube are being redirected to Blogger pages distributing the NullMixer dropper.
NullMixer also stands out for simultaneously dropping a wide range of off-the-shelf malware, including PseudoManuscrypt, Raccoon Stealer, GCleaner, Fabookie, and a new malware loader called Crashtech Loader, leading to large-scale infections.
Some parts of this article are sourced from:
thehackernews.com