Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs

Trend Micro researchers recently found an active campaign that uses a fake job offer as a pretext to target Eastern Europeans working in the cryptocurrency industry and install an information stealer. The suspected Russian threat actors behind the campaign use several highly obfuscated, still-under-development custom loaders to deliver the Enigma Stealer (detected as TrojanSpy.MSIL.ENIGMASTEALER.YXDBC), a modified version of the Stealerium information stealer.

In addition to these loaders, the attacker exploits CVE-2015-2291, a vulnerability in an Intel driver, to load a malicious driver designed to lower the integrity level of Microsoft Defender's process token, weakening the product's ability to detect the stealer.

Source: Trend Micro