December 28, 2023 at 01:54AM
A new malware loader, Win/TrojanDownloader.Rugmi, is being used to distribute various information stealers like Lumma Stealer, Vidar, and RecordBreaker. ESET reports a spike in Rugmi loader detections in late 2023. Stealer malware such as Lumma is sold as a service and distributed through various methods, including Discord’s content delivery network. McAfee also disclosed a new variant of NetSupport RAT.
The meeting notes show significant concern about the increase in cyber threats related to new types of malware and cybersecurity breaches. They highlight the emergence of a new malware loader that threat actors use to deliver various information stealers. Several specific types of malware, such as Lumma Stealer, Vidar, and RecordBreaker, are mentioned, with a focus on the trojan Win/TrojanDownloader.Rugmi.
The notes also emphasize the increasing use of malware-as-a-service (MaaS) models, the repurposing of codebases to create new types of malware, and the diverse methods of distributing these threats, including malvertising, fake software updates, and leveraging Discord’s content delivery network. The use of obfuscated JavaScript files and PowerShell commands to deliver malware and the specific geotargeting of the U.S. and Canada are highlighted as well.
Overall, the meeting notes bring attention to the evolving tactics employed by cybercriminals and the need for increased vigilance and proactive measures to address the growing cybersecurity challenges.