Malware, Identity

Infostealer-based credential theft allows site takeovers for malware delivery

Online credentials obtained by information-stealing malware have been leveraged to breach business websites, which were then tapped for distributing other illicit payloads, highlighting an attack cycle that converts victims into oblivious cybercrime accomplices, according to Cyber Security News.

Threat actors have used ClickFix to lure visitors of compromised websites into clicking fraudulent reCAPTCHA or browser error warnings and pasting a malicious "verification code" that facilitates the covert downloading of the Vidar, Lumma, or Stealc infostealers, findings from the Hudson Rock Threat Intelligence Team showed.

Additional comparison of data from Hudson Rock's stolen credential database and a ReliaQuest security researcher revealed nearly 13% of domains that hosted ClickFix campaigns while having infostealer-exposed admin credentials. Such credentials were observed to allow WordPress admin panel, content management system, and cPanel hosting control access. Researchers warned that the cybercrime feedback loop fortifies attack infrastructure, which would not be impacted even after the disruption of leading botnets.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds