From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere
Malwarebytes Labs researchers uncovered multiple campaigns distributing an infostealer we track as NWHStealer, using everything from fake VPN downloads to hardware utilities and gaming mods.

What makes this campaign stand out isn’t just the malware, but how widely and convincingly it’s being spread. Once installed, it can collect browser data, saved passwords, and cryptocurrency wallet information, which attackers may use to access accounts, steal funds, or carry out further attacks. We detected multiple campaigns using different platforms and lures to distribute NWHStealer. The stealer is loaded and executed in several ways, such as self-injection or injection into other processes like RegAsm (Microsoft’s Assembly Registration Tool). Often, additional wrappers such as MSI or Node.js are used as the initial loader.
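As an added illustration (not part of the Malwarebytes write-up), the following Python scans constructed process-creation events for the RegAsm loading pattern the summary mentions: RegAsm.exe launched by an MSI or Node.js wrapper, or started without the assembly argument a legitimate registration run carries. The parent-process allowlist, field names and sample events are assumptions made for this example.

```python
# Added example, not from the Malwarebytes report: a triage heuristic for
# RegAsm.exe launches, run over constructed Sysmon-style process events.
from dataclasses import dataclass

# Parents that plausibly launch RegAsm.exe in normal .NET builds/deploys.
# Assumed allowlist; tune it to what your own telemetry shows.
EXPECTED_REGASM_PARENTS = {"devenv.exe", "msbuild.exe", "cmd.exe", "powershell.exe"}
# Wrappers the summary names as initial loaders for the stealer.
SUSPICIOUS_PARENTS = {"msiexec.exe", "node.exe"}


@dataclass
class ProcEvent:
    image: str          # full path of the created process
    command_line: str   # command line as logged
    parent_image: str   # full path of the parent process


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def regasm_findings(events):
    """Return (event, reason) pairs for RegAsm launches worth a closer look."""
    findings = []
    for ev in events:
        if basename(ev.image) != "regasm.exe":
            continue
        parent = basename(ev.parent_image)
        # A genuine registration run passes an assembly path; an injected
        # host process is typically started with the bare binary name only.
        argless = len(ev.command_line.split()) <= 1
        if parent in SUSPICIOUS_PARENTS:
            findings.append((ev, f"RegAsm spawned by loader wrapper {parent}"))
        elif argless:
            findings.append((ev, "RegAsm started without an assembly argument"))
        elif parent not in EXPECTED_REGASM_PARENTS:
            findings.append((ev, f"RegAsm spawned by unexpected parent {parent}"))
    return findings


# Constructed sample events (not real telemetry).
REGASM = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
SAMPLE_EVENTS = [
    ProcEvent(REGASM, r"RegAsm.exe /codebase C:\build\MyLib.dll", r"C:\Windows\System32\cmd.exe"),
    ProcEvent(REGASM, "RegAsm.exe", r"C:\Users\u\AppData\Local\Temp\setup\node.exe"),
    ProcEvent(REGASM, "RegAsm.exe", r"C:\Windows\System32\msiexec.exe"),
    ProcEvent(r"C:\Windows\System32\notepad.exe", "notepad.exe", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for ev, why in regasm_findings(SAMPLE_EVENTS):
        print(f"{why}: {ev.command_line!r} parent={ev.parent_image}")
```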

Source: Malwarebytes Labs
