Researchers at Deep Instinct have discovered a major new hacking campaign that targets organizations around the world by spreading "grab-bag" malware. This includes information-stealing trojans, a remote backdoor, a cryptojacker and a cryptocurrency stealer.
The campaign, with its large number of attacks and different types of malware, was named Hornet's Nest.
Several of the malware families are still in use and being updated. The attacks that use the loader focus on targets in the United States and Europe.
Investigators do not know exactly how the attacks began. Once a machine is infected, however, Legion Loader executes PowerShell commands that allow it to start running malicious payloads. The loader distributes three different types of trojan malware, all of which can be found on underground forums.
One trojan is Vidar, which targets personal information. The second is Predator the Thief, malware that steals data and takes photos using the victims' web cameras. Finally, the third trojan is Raccoon Stealer, a relatively new information-stealing malware that is very powerful and at the same time easy to use.
In addition to these three trojans, Legion Loader also contains an RDP-based backdoor that gives hackers access to the infected machine. Hackers can then launch other attacks.
Beyond that, the Hornet's Nest campaign allows hackers to make money immediately, as Legion Loader also has a PowerShell-based cryptocurrency stealer that takes cryptocurrency from victims' wallets. It also contains cryptomining software.
The campaign is not very sophisticated in its techniques. However, the fact that it bundles so much malware can cause major problems for victims, as a huge amount of information of various kinds can be stolen.
Organizations and businesses need to take key security steps to avoid such attacks.