Apr 03, 2023
Ravie Lakshmanan
A piece of new information-stealing malware called OpcJacker has been spotted in the wild since the second half of 2022 as part of a malvertising campaign.

“OpcJacker’s main functions include keylogging, taking screenshots, stealing sensitive data from browsers, loading additional modules, and replacing cryptocurrency addresses in the clipboard for hijacking purposes,” Trend Micro researchers Jaromir Horejsi and Joseph C. Chen said[1].
The initial vector of the campaign involves a network of fake websites advertising seemingly innocuous software and cryptocurrency-related applications. The February 2023 campaign specifically singled out users in Iran under the pretext of offering a VPN service.
The installer files act as a conduit to deploy OpcJacker, which is also capable of delivering next-stage payloads such as NetSupport RAT[2] and a hidden virtual network computing (hVNC[3]) variant for remote access.
OpcJacker is concealed using a crypter[4] known as Babadeda and makes use of a configuration file to activate its data harvesting functions. It can also run arbitrary shellcode and executables.
“The configuration file format resembles a bytecode written in a custom machine language, where each instruction is parsed, individual opcodes are obtained, and then the specific handler is executed,” Trend Micro said.
Given the malware’s ability to steal crypto funds from wallets, the campaigns are suspected to be financially motivated. That said, OpcJacker’s versatility also makes it an ideal malware loader.
The findings come as Securonix revealed details of an ongoing attack campaign dubbed TACTICAL#OCTOPUS[6] that targets U.S. entities with tax-themed lures, infecting them with backdoors that give access to victim systems and capture clipboard data and keystrokes.
In a related development, Italian and French users searching for cracked versions of PC maintenance software such as EaseUS Partition Master and Driver Easy Pro on YouTube are being redirected to Blogger pages distributing[7] the NullMixer dropper.
NullMixer also stands out for simultaneously dropping a wide variety of off-the-shelf malware, including PseudoManuscrypt, Raccoon Stealer, GCleaner, Fabookie, and a new malware loader referred to as Crashtech Loader, leading to large-scale infections.
References
[1] said (www.trendmicro.com)
[2] NetSupport RAT (thehackernews.com)
[3] hVNC (www.malwaretech.com)
[4] crypter (thehackernews.com)
[5] Don’t Miss Out – Save Your Seat! (thn.news)
[6] TACTICAL#OCTOPUS (www.securonix.com)
[7] distributing (medium.com)
[8] Twitter (twitter.com)
[9] LinkedIn (www.linkedin.com)
Read more https://thehackernews.com/2023/04/crypto-stealing-opcjacker-malware.html
