    A new threat to financial institutions has emerged on the dark web

    Security researchers at Securonix have discovered a new campaign called "OCX#HARVESTER" that distributes the "More_eggs" backdoor and other malware.

    The More_eggs malware was observed in attacks from December 2022 to March 2023. The campaign is believed to be active as attackers explore new targets and methods for delivering malware.

    According to Securonix, the OCX#HARVESTER campaign targets the financial sector, especially cryptocurrencies.

    The infection chain starts with phishing emails containing a malicious ZIP archive that downloads two LNK shortcuts. The LNK shortcuts are disguised as JPEG files and appear with a "Windows Image Resource" WIM file icon, which contains an icon library for files and folders.

    Once executed, the downloaded files fetch additional malicious files that deploy More_eggs (TerraLoader). In some cases, attackers also try to download and run the SharpChrome extension, which is designed to steal cookies and Chrome login information.
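
    A defensive check for the lure described above, added here as an example and not taken from the Securonix report: it inspects a ZIP attachment for Windows shortcut (LNK) members, including ones whose names imitate image files. It assumes the shortcuts sit inside the archive; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Shell Link header: HeaderSize 0x0000004C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 (per the MS-SHLLINK format).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
IMAGE_HINTS = (".jpg", ".jpeg", ".png", ".gif", ".bmp")


def scan_zip_for_lnk(data):
    """Return one finding per ZIP member that is a Windows shortcut."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            try:
                with zf.open(info) as member:
                    head = member.read(len(LNK_MAGIC))
            except RuntimeError:  # encrypted member: judge by name only
                head = b""
            is_lnk = head == LNK_MAGIC
            if not (is_lnk or name.endswith(".lnk")):
                continue
            # Strip a trailing .lnk so "x.jpg.lnk" is seen as an image lure.
            stem = name[:-4] if name.endswith(".lnk") else name
            findings.append({
                "member": info.filename,
                "lnk_header": is_lnk,
                "image_lure": stem.endswith(IMAGE_HINTS),
            })
    return findings


def build_sample_zip():
    """Constructed sample: two harmless files and two fake shortcut stubs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", b"quarterly figures attached")
        zf.writestr("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("scan_001.jpg.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("scan_002.jpeg", LNK_MAGIC + b"\x00" * 56)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip_for_lnk(build_sample_zip()):
        print(finding)
```

    Matching on the header as well as the name catches a shortcut that has been renamed to an image extension, which a filename-only filter would pass.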

    Based on the victims and methods of the "More_eggs" malware, the researchers linked the campaign to the FIN6 APT group. However, experts also claimed that the backdoor was used by the groups Cobalt and Evilnum. The specialists also added that the current campaign is similar to the "PY#RATION" campaign discovered earlier this year.

    The More_eggs malware suite appears to be constantly maintained and updated in an attempt to bypass detection. As campaign changes and new attack vectors continue to be monitored, organizations are advised not to open any attachments, especially those received unexpectedly from other organizations or from an unknown source.

    Author DeepWeb