Home SECURITY New LOBSHOT Cryptocurrency Thief Targets Users Who Download Programs From Google

New LOBSHOT Cryptocurrency Thief Targets Users Who Download Programs From Google

0
New LOBSHOT Cryptocurrency Thief Targets Users Who Download Programs From Google

[ad_1]

New LOBSHOT Cryptocurrency Thief Targets Users Who Download Programs From Google

The malware is capable of stealing assets from over 50 sources.

Elastic Security Labs specialists report that in recent months there has been an increase in cases of abuse of advertising Google to distribute new malware called “LOBSHOT”. Based on the analysis, the experts attributed the campaign to the TA505 group associated with malware Dridex , Locky And Necurs .

The detected campaign is aimed at users who search Google for links to download various programs. In one case, a malicious ad promoting the AnyDesk application was found in Google search. The landing pages looked very similar to the original website and included a download button for the MSI installer. As soon as the victim pressed the button, the LOBSHOT malware was downloaded to the system and launched without the user’s knowledge.



Fake download page AnyDesk

Experts have suggested that LOBSHOT is designed to steal funds, including cryptocurrencies. The backdoor also has the ability to steal information.

LOBSHOT is able to steal crypto from 32 Google Chrome wallet extensions, 9 Microsoft Edge wallet extensions, and 11 Mozilla Firefox wallet extensions. One of the main features of LOBSHOT is the use of the Hidden Virtual Network Computing component (hVNC), which makes it difficult for antivirus solutions to detect.



LOBSHOT infection chain

The spread of LOBSHOT through malicious ad campaigns indicates that cybercriminals will continue to use this method to expand their attacks. Although this type of malware has not yet expanded its attack surface, it ultimately has features that help attackers act quickly at an early stage, allowing them to take full control of systems remotely.

[ad_2]

Source link

www.securitylab.ru

LEAVE A REPLY

Please enter your comment!
Please enter your name here