Threat actors have deployed a more advanced fileless version of the Masslogger credential-stealing malware as part of a new campaign aimed at French users, Cyber Security News reports.
Attacks commenced with the distribution of malicious emails or file downloads carrying VBScript-encoded files, which led to the eventual download and execution of the Masslogger variant, according to a report from Seqrite researchers. Execution of the malware prompts VBScript to establish various registry entries under "HKEY_CURRENT_USER\SOFTWARE\esBbIgyFlZcXjUl", which include data needed for the multi-stage compromise. Aside from exfiltrating credentials from widely used web browsers and email clients, this Masslogger iteration also enables keylogging, screen capturing, clipboard tracking, and system reconnaissance, as well as further payload injections, said researchers. Further examination of the malware showed that it uses a sophisticated segmentation technique to get around size limitations and creates a Windows scheduled task that guarantees persistence by executing every minute.
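For defenders hunting the every-minute scheduled task described above, the following added example (not code from the Seqrite report or the article) flags exported Task Scheduler XML definitions whose trigger repeats at an interval of one minute or less and returns the command each one launches. The two task definitions, their file names and paths are constructed sample input, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler XML task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
DURATION = re.compile(r"^PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?$")

def interval_seconds(text):
    """Convert a time-only ISO 8601 duration (PT1M, PT30S, PT1H) to seconds."""
    m = DURATION.match((text or "").strip())
    if not m or not any(m.groups()):
        return None  # day-based or malformed durations are not short intervals
    h, mi, s = (int(g or 0) for g in m.groups())
    return h * 3600 + mi * 60 + s

def short_interval_tasks(task_xml, max_seconds=60):
    """Return (interval, command line) pairs for triggers repeating within max_seconds."""
    root = ET.fromstring(task_xml)
    cmds = [(ex.findtext("t:Command", "", NS) + " " +
             ex.findtext("t:Arguments", "", NS)).strip()
            for ex in root.findall("t:Actions/t:Exec", NS)]
    hits = []
    for iv in root.findall("t:Triggers/*/t:Repetition/t:Interval", NS):
        secs = interval_seconds(iv.text)
        if secs is not None and secs <= max_seconds:
            hits.extend((secs, c) for c in cmds)
    return hits

# Constructed sample: a task repeating every minute that starts a script host.
SAMPLE_SUSPECT = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger><Repetition><Interval>PT1M</Interval></Repetition>
    <StartBoundary>2025-01-01T00:00:00</StartBoundary></TimeTrigger></Triggers>
  <Actions><Exec><Command>wscript.exe</Command>
    <Arguments>C:\Users\Public\example.vbs</Arguments></Exec></Actions>
</Task>"""

# Constructed sample: a daily task with no repetition block.
SAMPLE_BENIGN = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger><StartBoundary>2025-01-01T03:00:00</StartBoundary>
    <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger></Triggers>
  <Actions><Exec><Command>example-updater.exe</Command></Exec></Actions>
</Task>"""

if __name__ == "__main__":
    for name, xml_text in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, short_interval_tasks(xml_text))
```

A one-minute repetition is not malicious on its own, so treat hits as leads to review alongside the launched command and the registry key named in the report.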