Windows and macOS users by blow.
Kaspersky Lab has revealed an international cyber campaign aimed at stealing cryptocurrencies and personal data of Windows and macOS users around the world. The campaign is called Tusk. The attacks appear to be carried out by Russian-speaking attackers who use phishing sites, infostealers, and clippers to achieve their goals.
The attacks are sophisticated and multi-stage, luring victims to phishing sites that look almost identical to legitimate services. Popular topics such as web3, cryptocurrency, artificial intelligence, and online games are used to attract attention. Some of the detected pages mimic a crypto platform, an online role-playing game, and an online translator. The fake resources look so plausible that users can easily fall for the trick, entering their personal data or downloading malicious software.
The fraudulent sites are used to extract confidential user data, such as private keys for crypto wallets, and to download malware to the victim's device. The attackers can then gain access to the crypto wallet through the fake site and withdraw funds from it, or steal credentials, wallet details, and other information through the malware.
The cybercriminals' arsenal includes the Danabot and Stealc infostealers, as well as clippers. The former are aimed at stealing passwords and other confidential information, while clippers intercept data from the clipboard, replacing, for example, crypto wallet addresses with malicious ones.
The files that download the malware are hosted on Dropbox. After downloading the file, the victim is taken to a site with an attractive interface, where they are asked to log in or simply leave the page open. Meanwhile, additional malware is loaded, which continues the attack.
Interesting details were found in the malware code. It contains strings in Russian, and files for downloading contain the word "Mammoth", which Russian-speaking cybercriminals often use to refer to victims. The attackers appear to be pursuing financial goals. The campaign's name, Tusk, also refers to the image of a mammoth being hunted for valuable tusks.
An analysis conducted by Kaspersky Lab specialists showed that the Tusk campaign is carefully planned and consists of several stages. Experts believe that an organized group or a lone hacker pursuing financial goals may be behind this series of attacks. The company also noted that it was able to detect sub-campaigns on various popular topics, including cryptocurrencies, artificial intelligence and online games, as well as on 16 others. This means that the attackers can quickly adapt to the current agenda and use it to attack users.
Source
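
A defensive check against the clipboard substitution that clippers perform, as an added example that is not part of the original post or of Kaspersky Lab's analysis. It flags a wallet address that changes on the clipboard without the user copying anything; the event model, function names and sample addresses are assumptions constructed for this illustration.

```python
import re

# Shape-only patterns for common wallet address formats (no checksum validation).
ADDRESS_PATTERNS = {
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
    "btc_bech32": re.compile(r"bc1[ac-hj-np-z02-9]{39,59}"),
    "btc_legacy": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
}

def address_kind(text):
    """Return the wallet format the whole string matches, or None."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(value):
            return kind
    return None

def detect_swaps(events):
    """Flag clipboard changes that replace a copied address with a different one.

    events: list of (timestamp, source, value); source is "user_copy" when the
    user pressed copy, "poll" when a monitor merely observed the clipboard.
    Both the event model and the source labels are assumptions of this example.
    """
    alerts = []
    copied = None  # (kind, value) of the last address the user copied
    for ts, source, value in events:
        kind = address_kind(value)
        if source == "user_copy":
            copied = (kind, value.strip()) if kind else None
            continue
        # Clipboard changed without a copy action: compare with the copied address.
        if copied and kind == copied[0] and value.strip() != copied[1]:
            alerts.append({"time": ts, "kind": kind,
                           "expected": copied[1], "found": value.strip()})
    return alerts

# Constructed sample data; the addresses are made up and belong to no one.
GOOD = "0x" + "1a2b3c4d5e" * 4
EVIL = "0x" + "9f8e7d6c5b" * 4
SAMPLE_EVENTS = [
    (1, "user_copy", "meeting notes"),
    (2, "user_copy", GOOD),
    (3, "poll", GOOD),          # unchanged: no alert
    (4, "poll", EVIL),          # same format, different address: alert
    (5, "user_copy", "hello"),  # user copies something else, tracking resets
    (6, "poll", EVIL),          # no copied address to protect: no alert
]
```

The same comparison applies manually: before confirming a transfer, check the pasted address in full against the one that was copied.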