
Cyber Security

TA551 Now Spreading IcedID Stealer Via Spoofed Emails


TA551 (aka Shathak) is an email-based malware distribution campaign that is actively targeting English-speaking victims. Active since early 2020, TA551 is known to distribute multiple malware families, such as Ursnif and Valak.

What is happening?

Researchers have found that TA551's campaign, running from mid-July to November 2020, was distributing the IcedID information stealer. The group continues to use the same infection chain it used during that period.

  • The lure is a spoofed email built from messages retrieved from email clients on previously infected hosts.
  • The message carries an attached ZIP archive and tells the user the password needed to open it. The ZIP archive contains a Microsoft Word document with macros.
  • If the victim enables macros on an exposed Windows computer, the host downloads an installer DLL for the IcedID malware.
  • Until October 27, 2020, the campaign targeted only English-speaking victims. It later expanded to other groups, including Japanese-speaking victims.
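As an added example (not code from the article or from the researchers it cites), a Python triage heuristic for the lure traits listed above: a password-protected ZIP attachment, the password given in the message body, and a Word document inside the archive. The sample message it builds is constructed, and the filenames and password are assumptions.

```python
import email, io, re, struct, zipfile
from email.message import EmailMessage
from email.policy import default

# Hypothetical triage heuristic: flag mail that shows all three lure traits.
MACRO_DOC_EXT = (".doc", ".docm", ".dot", ".dotm")
PASSWORD_RE = re.compile(r"\bpassword\b", re.IGNORECASE)

def build_sample_eml(password_hint: bool = True) -> bytes:
    # Constructed test message; not a real TA551 sample.
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("invoice_0412.doc", b"placeholder text, not a real document")
    data = bytearray(zbuf.getvalue())
    # zipfile cannot write encrypted archives, so set general-purpose bit 0 (the
    # encryption flag) in the local header (offset 6) and central directory (offset 8).
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = data.find(sig)
        flags = struct.unpack_from("<H", data, pos + off)[0]
        struct.pack_into("<H", data, pos + off, flags | 0x1)
    msg = EmailMessage()
    msg["Subject"] = "RE: invoice"
    body = "Please see the attached archive."
    if password_hint:
        body += " The password to open it is 1234."
    msg.set_content(body)
    msg.add_attachment(bytes(data), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

def triage_message(raw: bytes) -> dict:
    # matches_chain is True only when every trait of the described lure is present.
    msg = email.message_from_bytes(raw, policy=default)
    found = {"password_in_body": False, "encrypted_zip": False, "doc_in_zip": False}
    body = msg.get_body(preferencelist=("plain",))
    found["password_in_body"] = bool(body is not None and PASSWORD_RE.search(body.get_content()))
    for part in msg.iter_attachments():
        if not (part.get_filename() or "").lower().endswith(".zip"):
            continue
        try:
            zf = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True)))
        except zipfile.BadZipFile:
            continue
        # Entry names and flags sit in the central directory, readable without the password.
        for info in zf.infolist():
            if info.flag_bits & 0x1:
                found["encrypted_zip"] = True
            if info.filename.lower().endswith(MACRO_DOC_EXT):
                found["doc_in_zip"] = True
    found["matches_chain"] = all(found.values())
    return found
```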

Recent attacks using stealers

  • Recently, an ElectroRAT stealer for macOS, Windows, and Linux was discovered, which went undetected for almost an entire year.
  • In addition, PyMicropsia stealer linked to AridViper (a hacking group) was found active in the Middle East.

Conclusion

The use of information stealers is growing, with cybercriminals deploying them for espionage, intelligence gathering, and data harvesting. Experts therefore recommend spam filtering, sound system administration, and fully patched Windows hosts for better protection, along with encrypting important data and segmenting networks.

Source: https://cyware.com/news/ta551-now-spreading-icedid-stealer-via-spoofed-emails-c090b741


Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO