Malwarebytes Labs researchers uncovered multiple campaigns distributing an infostealer we track as NWHStealer, using everything from fake VPN downloads to hardware utilities and gaming mods.
What makes this campaign stand out isn’t just the malware, but how widely and convincingly it’s being spread. Once installed, it can collect browser data, saved passwords, and cryptocurrency wallet information, which attackers may use to access accounts, steal funds, or carry out further attacks. We detected multiple campaigns using different platforms and lures to distribute NWHStealer. The stealer is loaded and executed in several ways, such as self-injection or injection into other processes like RegAsm (Microsoft’s Assembly Registration Tool). Often, additional wrappers such as MSI or Node.js are used as the initial loader.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New TeamSpy Malware Campaign Turns TeamViewer into Spy Tool
February 20, 2017
TeamSpy is back and it’s turning TeamViewer into the spying tool that no one wants. According to security firm Heimdal, a new spam campaign emerged over the weekend, carrying the TeamSpy malware which can give hackers full access to a compromised computer. This isn’t a new type of malware whatsoever. In fact, back in 2013, it was ...
- Europol and Global Cyber Alliance team up to fight cyber-crime
January 30, 2017
Europol and the Global Cyber Alliance (GCA) have signed a Memorandum of Understanding (MoU) to cooperate on decreasing systemic cyber-risk and improving internet security throughout Europe and beyond. As part of the MoU, Europol and GCA will fight cyber-crime through the exchange of information on cyber-crime trends and joint international projects to increase cyber-security. To this end, ...
- Smaller firms set to ‘face £52bn in fines’ for security breaches as cyber-crime skyrockets
January 14, 2017
British firms were each subjected to an average of almost 230,000 cyber attacks in 2016, according to analysis from business internet service provider Beaming. The average volume of attacks hitting individual company firewalls passed the 1,000 per day mark for the first time in November. Meanwhile, the Payment Card Industry Security Standards Council suggested that UK firms ...
- Netflix Users Under Attack As Hackers Try to Steal Credit Card Info
January 10, 2017
Security company FireEye detected a new wave of attacks aimed at Netflix users, with cybercriminals now turning to phishing schemes in order to steal their personal information, including credit card data, social security numbers, and other details. Although it seems that the attacks have been suspended, Netflix users in the United States should always keep an ...