Threat Intelligence, Application security, Phishing

Global targeting of Marko Polo cybercrime operation detailed

Share
Plain code with the word "cyberattack" in red.

Tens of thousands of devices around the world have already been breached with information-stealing malware by the Marko Polo cybercrime operation through more than 30 cryptocurrency and gaming-related scams aimed at technology professionals, cryptocurrency influencers, and online gamers, according to The Record, a news site by cybersecurity firm Recorded Future.

While most of the scams involved spearphishing attacks spreading the Atomic macOS Stealer via malicious Zoom meeting client builds, Marko Polo also impersonated productivity software, blockchain-based projects, and online games to facilitate compromise with the Rhadamanthys, StealC, and HijackLoader payloads, an analysis from Recorded Future's Insikt Group researchers revealed. Aside from conducting extensive infostealer compromise, Marko Polo has also consistently updated attack infrastructure, tactics, and scam naming schemes to bypass detection. "This adaptability not only makes Marko Polo a persistent threat but also signals that it will likely continue evolving its methods to stay ahead of cybersecurity defenses," said researchers.

Global targeting of Marko Polo cybercrime operation detailed

While most of the scams involved spearphishing attacks spreading the Atomic macOS Stealer via malicious Zoom meeting client builds, Marko Polo also impersonated productivity software, blockchain-based projects, and online games to facilitate compromise.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.