Windows systems have been more stealthily compromised by the BlankGrabber malware through the exploitation of a counterfeit certificate holder for multi-stage Rust and Python attack chain concealment, GBHackers News reports.Attacks commence with the distribution of a Gofile.io-hosted batch script that enables the installation of a certificate data-spoofing Rust stager, which conducts anti-sandbox checks before decrypting and deploying a self-extracting SFX archive that contains XWorm and the BlankGrabber stealer, according to an analysis from Splunk's Threat Research Team.After identifying virtual machines and security systems, BlankGrabber proceeds to leverage multiple commands for victim profiling, as well as enumerate saved Wi-Fi profiles before scouring Firefox and Chromium databases to compromise credentials, autofill information, and cryptocurrency wallet extensions, as well as target Telegram, Roblox, Discord, and Steam. Various Windows Defender protections have been deactivated by the infostealer, which also weaponizes registry-based UAC bypass to facilitate relaunches with escalated privileges and ensure persistence.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds




