A new variant of the Masslogger credential-stealing trojan is targeting Windows systems in a bid to collect confidential information – particularly login credentials – from some of the platform’s most widely used programs and services, including NordVPN, Microsoft Outlook, Discord, and several big names in web browsing.
We recently discovered a variant of the #Masslogger trojan that steals user credentials from several sources such as Microsoft Outlook, Google Chrome and instant messengers. Find out more, plus the best mitigation strategies, here https://t.co/fvlr1HI020 #infosec #security pic.twitter.com/ZB4YEYGAqP
— Cisco Talos Intelligence Group (@TalosSecurity) February 17, 2021
How does it work?
According to Cisco Talos security researcher Vanja Svajcer, the campaign was spotted last month and uses a variant of the already existing Masslogger trojan that “exfiltrates user credentials over FTP. Similar campaigns targeting users in Europe were conducted since at least Sept 2020.”
Svajcer details in a blog post that “apart from the initial email attachment, all the stages of the attacks are fileless and they only occur in volatile memory.” In other words, the attachment is the only artefact written to disk; every later stage runs in memory, which leaves little for disk-based antivirus scanning to find.
On the plus side, the campaign still depends on a phishing email with a booby-trapped attachment, so the usual email defences apply: filtering or sandboxing unusual attachment types and training users not to open unexpected files. That first stage is also what Talos found unusual about this campaign. “Although operations of the Masslogger trojan have been previously documented, we found the new campaign notable for using the compiled HTML file format to start the infection chain,” advised the Cisco Talos researcher.
Still, it is crucial to stay vigilant regarding these matters, as compromised login details can do significant damage to organizations. “The credentials themselves have value on the dark web and actors sell them for money or use them in other attacks,” warns Svajcer.
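The two points of the chain that a defender can actually see are the compiled HTML (.chm) attachment that starts it and the outbound FTP session that carries the stolen credentials out. The following is an added example, not code from Cisco Talos or from the Masslogger write-up, that runs those two checks over constructed mail-gateway and firewall log lines; the log formats, field names and internal subnets are assumptions for the example and would need to be adapted to a real export.

```python
"""Added example: flag the observable ends of the Masslogger chain described above.

1. Mail side: messages carrying a .chm attachment (the stage that starts the chain).
2. Network side: internal hosts opening TCP/21 to addresses outside the internal
   ranges (the FTP channel the credentials leave over).

The log line layouts below are constructed for this example, not a real product's
format.
"""
from __future__ import annotations

import ipaddress
import re
from typing import Iterable

# The page documents only .chm as the chain starter; extend to match local policy.
CHAIN_STARTING_EXTENSIONS = {".chm"}

# Constructed formats (assumption): one key=value record per line.
MAIL_RE = re.compile(
    r'^(?P<ts>\S+) from=(?P<from>\S+) to=(?P<to>\S+) '
    r'subject="(?P<subject>[^"]*)" attachment="(?P<attachment>[^"]*)"$'
)
CONN_RE = re.compile(
    r'^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) '
    r'proto=(?P<proto>\w+) action=(?P<action>\w+)$'
)


def attachment_extension(name: str) -> str:
    """Lower-cased final extension, tolerant of trailing whitespace and of
    double extensions such as 'invoice.pdf.CHM ' used to disguise the file."""
    name = name.strip().lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def flag_chm_attachments(lines: Iterable[str]) -> list[dict]:
    """Return one record per message whose attachment can start the chain."""
    hits = []
    for line in lines:
        m = MAIL_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip it rather than abort the whole scan
        if attachment_extension(m["attachment"]) in CHAIN_STARTING_EXTENSIONS:
            hits.append({"ts": m["ts"], "to": m["to"], "attachment": m["attachment"]})
    return hits


def flag_outbound_ftp(lines: Iterable[str], internal_nets: Iterable[str]) -> list[dict]:
    """Return TCP/21 connections from an internal host to a non-internal address.
    Denied attempts are kept: a blocked exfiltration is still an infected host."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    hits = []
    for line in lines:
        m = CONN_RE.match(line.strip())
        if not m or m["proto"].lower() != "tcp" or int(m["dport"]) != 21:
            continue
        try:
            src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        except ValueError:
            continue
        if any(src in n for n in nets) and not any(dst in n for n in nets):
            hits.append({"ts": m["ts"], "src": m["src"], "dst": m["dst"], "action": m["action"]})
    return hits


# Constructed sample input (assumption): addresses from RFC 5737 documentation ranges.
INTERNAL_NETS = ["10.0.0.0/8", "192.168.0.0/16"]
MAIL_LOG = [
    '2021-01-28T09:14:02Z from=billing@supplier.test to=alice@corp.test subject="Invoice 1231" attachment="Invoice_1231.chm"',
    '2021-01-28T09:15:11Z from=hr@corp.test to=bob@corp.test subject="Handbook" attachment="handbook.pdf"',
    '2021-01-28T09:17:45Z from=orders@shop.test to=carol@corp.test subject="Order" attachment="order.pdf.CHM "',
    "not a log line at all",
]
CONN_LOG = [
    "2021-01-28T09:16:40Z src=10.0.12.34 dst=198.51.100.7 dport=21 proto=tcp action=allow",
    "2021-01-28T09:16:41Z src=10.0.12.34 dst=198.51.100.7 dport=443 proto=tcp action=allow",
    "2021-01-28T09:18:02Z src=10.0.5.9 dst=10.0.200.4 dport=21 proto=tcp action=allow",  # internal FTP server
    "2021-01-28T09:19:30Z src=10.0.7.77 dst=198.51.100.9 dport=21 proto=udp action=allow",  # not TCP
    "2021-01-28T09:20:00Z src=10.0.12.34 dst=198.51.100.7 dport=21 proto=tcp action=deny",
]

if __name__ == "__main__":
    for hit in flag_chm_attachments(MAIL_LOG):
        print("CHM attachment delivered:", hit)
    for hit in flag_outbound_ftp(CONN_LOG, INTERNAL_NETS):
        print("Outbound FTP from workstation:", hit)
```

Correlating the two lists by recipient mailbox and the host that user logged on to is the step that turns a noisy FTP alert into a confident Masslogger detection; that mapping comes from the directory or endpoint agent rather than from the logs above.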
While hunting in January we noticed this Masslogger campaign that exfiltrates user credentials over FTP. Similar campaigns targeting users in Europe were conducted since at least Sept 2020. https://t.co/IVxtiV2ub3 pic.twitter.com/EAikHzZiz2
— Vanja Svajcer (@vanjasvajcer) February 17, 2021
New Mac chips already under threat of malware
In one of our recent articles, we covered how Apple’s new M1 processors are already being targeted by a Safari adware extension called GoSearch22. Security researcher Patrick Wardle advised that the malicious program was initially developed to attack Intel x86 systems but has since been altered to target Apple’s latest chip.
The M1 variant of GoSearch22 reportedly went undetected by the antivirus engines on VirusTotal when it was first submitted, leading Wardle to believe that most security products are still unable to properly detect code compiled natively for Apple Silicon.
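The property Wardle describes, a sample compiled natively for arm64 rather than only for Intel, can be read straight from the binary's header, and it is a quick triage step when signatures for the x86 build do not fire. The following is an added example, not Wardle's or Objective-See's code, that parses the Mach-O thin and fat ("universal") headers to list the CPU architectures a file contains. The sample binaries are constructed in the block from header bytes only; a real sample would be read from disk.

```python
"""Added example: list the CPU architectures present in a Mach-O file.

A universal binary starts with a big-endian fat header (0xCAFEBABE) followed by
one fat_arch entry per slice; a thin 64-bit image starts with MH_MAGIC_64 and
carries its cputype in the next field. The x86 and arm64 builds of the same
adware are separate slices, so a detection signature written for the x86 slice
says nothing about the arm64 one.
"""
import struct

FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
CPU_TYPE_I386, CPU_TYPE_X86_64 = 0x00000007, 0x01000007
CPU_TYPE_ARM, CPU_TYPE_ARM64 = 0x0000000C, 0x0100000C
CPU_NAMES = {CPU_TYPE_I386: "i386", CPU_TYPE_X86_64: "x86_64",
             CPU_TYPE_ARM: "arm", CPU_TYPE_ARM64: "arm64"}

# Java class files also begin with 0xCAFEBABE; their next field is a version
# number, so an implausibly large slice count is the usual way to tell them apart.
MAX_FAT_SLICES = 32


def _cpu_name(cputype: int) -> str:
    return CPU_NAMES.get(cputype, f"cputype_0x{cputype & 0xFFFFFFFF:08x}")


def macho_architectures(data: bytes) -> list[str]:
    """Return the architecture names of every slice in `data`, in file order."""
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O image")
    magic_be = struct.unpack(">I", data[:4])[0]
    if magic_be in (FAT_MAGIC, FAT_MAGIC_64):
        nfat = struct.unpack(">I", data[4:8])[0]
        if nfat == 0 or nfat > MAX_FAT_SLICES:
            raise ValueError("fat header has implausible slice count (Java class file?)")
        entry_size = 20 if magic_be == FAT_MAGIC else 32
        archs = []
        for i in range(nfat):
            off = 8 + i * entry_size
            if off + 4 > len(data):
                raise ValueError("fat_arch table truncated")
            archs.append(_cpu_name(struct.unpack(">i", data[off:off + 4])[0]))
        return archs
    # Thin image: the magic tells us the byte order the header was written in.
    magic_le = struct.unpack("<I", data[:4])[0]
    if magic_le in (MH_MAGIC, MH_MAGIC_64):
        endian = "<"
    elif magic_be in (MH_MAGIC, MH_MAGIC_64):
        endian = ">"
    else:
        raise ValueError("not a Mach-O image")
    return [_cpu_name(struct.unpack(endian + "i", data[4:8])[0])]


def has_native_arm64(data: bytes) -> bool:
    return "arm64" in macho_architectures(data)


# --- constructed samples (assumption: headers only, no load commands or code) ---
def thin_header_64(cputype: int, cpusubtype: int) -> bytes:
    """mach_header_64: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved."""
    return struct.pack("<IiiIIIII", MH_MAGIC_64, cputype, cpusubtype, 2, 0, 0, 0, 0)


def build_fat(slices: list[bytes]) -> bytes:
    """Wrap thin images in a fat header. Real files page-align each slice; the
    example packs them contiguously (align = 0), which the parser does not depend on."""
    header_len = 8 + 20 * len(slices)
    entries, body = b"", b""
    for s in slices:
        cputype, cpusubtype = struct.unpack("<ii", s[4:12])
        entries += struct.pack(">iiIII", cputype, cpusubtype, header_len + len(body), len(s), 0)
        body += s
    return struct.pack(">II", FAT_MAGIC, len(slices)) + entries + body


X86_ONLY_SAMPLE = thin_header_64(CPU_TYPE_X86_64, 3)          # the original Intel build
UNIVERSAL_SAMPLE = build_fat([X86_ONLY_SAMPLE,
                              thin_header_64(CPU_TYPE_ARM64, 0)])  # rebuilt with an M1 slice

if __name__ == "__main__":
    for label, sample in (("x86-only", X86_ONLY_SAMPLE), ("universal", UNIVERSAL_SAMPLE)):
        print(f"{label}: {macho_architectures(sample)} native arm64={has_native_arm64(sample)}")
```

On a Mac the same answer comes from `lipo -archs <file>` or `file <file>`; the value of doing it in a script is being able to sweep a quarantine folder and sort samples by whether an arm64 slice is present before deciding which ones need fresh signatures.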
🍎🐛 Uncovered (the first?) malicious program compiled to natively target Apple Silicon (M1/arm64)
And neat fact, was originally flagged & submitted via an @objective_see tool! 🔥
Read: "Arm'd & Dangerous" https://t.co/FKMMbcHCSt
— patrick wardle (@patrickwardle) February 17, 2021