A new malware family called Trojan.Scavenger, or Scavenger Trojan, is stealing sensitive data from password managers and crypto wallets, Hackread reports.
A report from Doctor Web revealed that the malware was uncovered during an investigation of a targeted attack on a Russian enterprise. Attackers exploit vulnerabilities related to DLL Search Order Hijacking, a technique where malicious files are used to get into the software, posing as authentic components and access everything the target application can reach, overriding real system DLLs. The trojans infect the target systems using game cheats and patches and tamper with the internal security feature of browser extensions such as Bitwarden, Slush, LastPass, MetaMask, and Phantom. The attack chain unfolds in multiple stages. The trojans evade detection during security research by checking if they are launched inside a debug environment or virtual machine and halt execution if found. Many software vendors have declined to patch the flaw, pushing responsibility onto end users.
A report from Doctor Web revealed that the malware was uncovered during an investigation of a targeted attack on a Russian enterprise. Attackers exploit vulnerabilities related to DLL Search Order Hijacking, a technique where malicious files are used to get into the software, posing as authentic components and access everything the target application can reach, overriding real system DLLs. The trojans infect the target systems using game cheats and patches and tamper with the internal security feature of browser extensions such as Bitwarden, Slush, LastPass, MetaMask, and Phantom. The attack chain unfolds in multiple stages. The trojans evade detection during security research by checking if they are launched inside a debug environment or virtual machine and halt execution if found. Many software vendors have declined to patch the flaw, pushing responsibility onto end users.




