April 24, 2024 at 09:15AM Cisco’s Talos security research unit warns of threat actor CoralRaider using information stealers to target users worldwide and harvest credentials and financial data. The threat actor, likely of Vietnamese origin, has been active since at least 2023 and has been targeting users with a combination of three information stealers—Cryptbot, LummaC2, … Read more
April 24, 2024 at 01:39AM A new malware campaign, linked to threat actor CoralRaider, is distributing multiple stealers via Content Delivery Network (CDN) cache domains. The campaign targets various businesses in different countries, adopting deceptive tactics such as phishing emails and booby-trapped links to propagate malware. The modular PowerShell loader script bypasses User Access Controls … Read more
April 23, 2024 at 05:34PM A financially motivated threat actor, known as CoralRaider, is conducting an ongoing malware campaign targeting systems in the U.S., U.K., Germany, and Japan. The group uses a content delivery network cache to distribute malware, including info stealers LummaC2, Rhadamanthys, and Cryptbot. The attacks start with malicious Windows shortcut files delivered … Read more
April 9, 2024 at 12:02AM A new cybercrime group, CoralRaider, linked to Vietnam, targets individuals and organizations in Asia to steal social media account information and user data. The group relies on social engineering and legitimate services for data exfiltration but has made mistakes. CoralRaider prioritizes financial gain and does not appear to be working … Read more
April 4, 2024 at 12:15PM A suspected Vietnamese threat actor named CoralRaider targets victims in Asian and Southeast Asian countries with malware to steal valuable data. They use RotBot, Quasar RAT, and XClient stealer to steal credentials, financial data, and social media accounts primarily for monetization. The group also uses malvertising campaigns on Facebook to … Read more