New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam

December 12, 2023 at 06:00AM

A recent phishing campaign targeting Germany delivers the MrAnon Stealer malware via innocuous-looking booking-themed PDFs. The stealer captures credentials, system info, browser sessions, and cryptocurrency extensions. The malicious email, disguised as coming from a hotel booking company, prompts victims to download an “Adobe Flash update,” leading to the execution of harmful scripts. The malware is sold for $500 per month.

Key takeaways (Dec 12, 2023):

– A phishing campaign is distributing an information stealer malware called MrAnon Stealer through seemingly harmless booking-themed PDF lures.
– MrAnon Stealer is a Python-based malware compressed with cx-Freeze to evade detection, capable of stealing credentials, system information, browser sessions, and cryptocurrency extensions.
– Germany appears to be the primary target of this attack as of November 2023.
– The phishing email, disguised as a company seeking to book hotel rooms, contains a PDF file that prompts the recipient to download an updated version of Adobe Flash, leading to the execution of malicious scripts and ultimately the deployment of the MrAnon Stealer.
– The MrAnon Stealer is offered for purchase at $500 per month (or $750 for two months), along with additional tools such as a crypter and a stealthy loader.
– The campaign initially disseminated Cstealer in July and August but transitioned to distributing MrAnon Stealer in October and November, suggesting a strategic approach involving the continued use of phishing emails to propagate Python-based stealers.

In addition, the article mentions a spear-phishing email campaign by the China-linked Mustang Panda targeting the Taiwanese government and diplomats, aimed at deploying SmugX, a new variant of the PlugX backdoor.
