April 21, 2024 at 05:15AM
A new information stealer using Lua bytecode was found by McAfee Labs, identified as a variant of RedLine Stealer. It targets cryptocurrency wallets, VPN software, and web browsers, spreading through GitHub by masquerading as game cheats. The malware functions as a backdoor, exfiltrating data to its command-and-control server. It’s part of a wave of malware attacks targeting enterprise environments.
Key Highlights from Meeting Notes:
– A new information stealer using Lua bytecode for stealth has been discovered, assessed as a variant of RedLine Stealer and capable of targeting cryptocurrency wallets, VPN software, and web browsers.
– RedLine Stealer is frequently distributed via email and malvertising campaigns and has been utilized by various threat actors across different regions.
– The malware leverages GitHub and Microsoft repositories to distribute its payload in the form of ZIP archives, masquerading as game cheats to target gamers.
– Packaging the payload as Lua bytecode inside an MSI installer gives the threat actor evasion capability and added stealth, since compiled bytecode yields far less to string-based and signature-based inspection than plain Lua source.
– Once installed, the malware establishes persistence on the host, initiating communications with a command-and-control (C2) server and functioning as a backdoor to carry out tasks and exfiltrate data.
– The distribution method of the malware-laden ZIP archives is currently unknown, but there are indications of threat actors taking advantage of GitHub’s search functionality to distribute malware.
– A Russian-language cybercrime operation is targeting the gaming community with fake Web3 gaming projects to deliver infostealer malware for macOS and Windows users.
– A wave of malware campaigns targeting enterprise environments has been observed, utilizing various techniques and infection vectors to deliver payloads such as PikaBot and NewBot Loader.
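The highlights above describe a ZIP archive posing as a game cheat that carries an MSI installer and Lua bytecode. As an added defender-side example (not code from the page or from McAfee Labs), the following scanner inspects each member of a ZIP by content rather than by file name, flagging Lua bytecode chunks by their `\x1bLua` signature and version byte, and MSI installers by the OLE compound-document header. The archive contents, member names and the `build_sample_archive` helper are constructed for this example.

```python
import io
import zipfile
from typing import Dict, Optional

# Lua bytecode chunks begin with "\x1bLua" followed by a version byte
# (0x51 = Lua 5.1, 0x53 = Lua 5.3, 0x54 = Lua 5.4).
LUA_SIGNATURE = b"\x1bLua"
# MSI installers are OLE compound documents with this 8-byte magic header.
# Any OLE file (old .doc/.xls) matches too, so treat it as a lead, not proof.
OLE_HEADER = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def classify_member(data: bytes) -> Optional[str]:
    """Label a member's leading bytes as Lua bytecode or an MSI/OLE file, else None."""
    if data.startswith(LUA_SIGNATURE) and len(data) > len(LUA_SIGNATURE):
        ver = data[len(LUA_SIGNATURE)]
        # Version byte encodes major/minor as two nibbles (0x54 -> 5.4).
        return f"lua-bytecode-{ver >> 4}.{ver & 0x0F}"
    if data.startswith(OLE_HEADER):
        return "msi-or-ole-compound-document"
    return None


def scan_zip(zip_bytes: bytes) -> Dict[str, str]:
    """Map member name -> label for every member whose content looks suspicious.

    Only the first 16 bytes of each member are read, so the scan stays cheap
    even for large archives; the extension is deliberately ignored.
    """
    findings: Dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(16)
            label = classify_member(head)
            if label:
                findings[info.filename] = label
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: a 'cheat' ZIP with a Lua 5.4 chunk and a fake MSI stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "run the installer to unlock the cheat\n")
        # Lua 5.4 header: signature, version 0x54, format 0, LUAC_DATA bytes.
        zf.writestr("engine/compiled.luac", LUA_SIGNATURE + b"\x54\x00" + b"\x19\x93\r\n\x1a\n")
        zf.writestr("cheat_setup.msi", OLE_HEADER + b"\x00" * 24)
    return buf.getvalue()
```

Because classification is content-based, a Lua chunk renamed to `.dat` or `.txt` is still reported, which is the case that matters when an archive is dressed up as a cheat pack.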
Let me know if you need any further details or if there are additional specific points to be noted.