Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove


In the shadowy world of cybercrime, even the most cunning hackers can make blunders that expose their operations. In this article, CPR (Check Point Research) describes the discovery of Styx Stealer, a new malware variant derived from the notorious Phemedrone Stealer.

Check Point's investigation revealed critical missteps by the developer of Styx Stealer, including a significant operational security (OpSec) lapse that leaked sensitive information from his own computer. The roots of Styx Stealer can be traced back to Phemedrone Stealer, which became widely known in early 2024 when the CVE-2023-36025 vulnerability in Microsoft Windows Defender SmartScreen was exploited to deliver that malware.

Read more…
Source: Check Point



