Researchers at Deep Instinct have discovered a large new hacking campaign that targets organizations around the world by spreading a "grab-bag" of malware. It includes information-stealing trojans, a remote backdoor, a cryptojacker and a cryptocurrency stealer.
The campaign, with its large number of attacks and different types of malware, was named Hornet's Nest.
Researchers believe that the attacks are part of a cybercrime-as-a-service business and that the hackers behind the original dropper (Legion Loader) offer their services to other cybercriminals.
Several of the malware families are still in use and being updated. The attacks that use the loader are focused on targets in the United States and Europe.
Investigators do not know exactly how the attacks begin. Once a machine is infected, however, Legion Loader executes PowerShell commands that allow it to start running malicious payloads. The loader distributes three different trojans, all of which can be found on underground forums.
The first trojan is Vidar, which targets personal information. The second is Predator the Thief, malware that steals data and takes photos using the victim's webcam. The third is Raccoon Stealer, a relatively new information-stealing malware that is very powerful and at the same time easy to use.
In addition to these three trojans, Legion Loader also contains an RDP-based backdoor that allows hackers to access the infected machine. Hackers can then launch other attacks.
Through Legion Loader, attackers can steal personal data of different kinds, which they can use for other scams or sell on the dark web.
Beyond that, the Hornet's Nest campaign allows hackers to make money immediately, as Legion Loader also has a PowerShell-based cryptocurrency stealer that steals cryptocurrency from victims' wallets. It also contains cryptomining software.
The campaign is not very sophisticated in its techniques. However, the fact that it contains so much malware can cause major problems for victims, as a huge amount of information of various kinds can be stolen.
Organizations and businesses need to take key security steps to avoid such attacks.