Malware

Illicit ISO files facilitate Phantom Stealer deployment

Data Poisoning is when someone intentionally messes with data to make it unreliable or incorrect. This can be done to cause harm or damage.

Threat actors have harnessed malicious ISO files to spread the Phantom Stealer malware against finance, accounting, and payment firms, as well as small and medium-sized enterprises in Russia as part of an advanced phishing campaign, reports Cyber Security News.

Attacks commenced with the distribution of a Russian-language email purporting to be a bank transfer confirmation from TorFX Currency Broker that includes a ZIP attachment, which finds and executes a bank transfer confirmation file-spoofing ISO file, an analysis from Seqrite Labs revealed. Auto-mounting of the ISO file as a virtual CD drive shows an executable that loads several payloads, including the CreativeAI.dll that enables Phantom Stealer injection.

Execution of Phantom Stealer not only allows the theft of cryptocurrency wallet data and Discord authentication tokens, but also the exfiltration of clipboard content, keystrokes, and Chromium-based browser-stored credentials and credit card details via Telegram bot API, FTP servers, and other channels, said researchers, who urged the implementation of containerized attachment filtering and memory behavior monitoring tools.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds