    Unusual phishing campaign using memes as malware variables

    A successful attack chain infects target computers with the generic XWorm malware.

    Cybersecurity experts have discovered a new phishing campaign in which attackers use a unique chain of attacks to deliver the XWorm malware to targeted systems.

    Securonix, which tracks this malicious activity under the name "MEME#4CHAN", said most of the attacks were directed at manufacturing plants and medical clinics in Germany.

    “As part of this operation, the attackers used an unusual PowerShell code filled with memes and a highly obfuscated XWorm malware to infect their victims,” the researchers said in their report.

    According to experts, MEME#4CHAN attacks begin with phishing emails containing fake Microsoft Word documents that exploit the Windows vulnerability CVE-2022-30190 to download an obfuscated PowerShell script.

    While analyzing this PowerShell script, the researchers came across many variables with interesting and unusual names that clearly reference foreign meme culture. Some of the variables had the following names:

    $CHOTAbheem (title of an Indian animated series)
    $Pentagone
    $NuclearDefusion
    $MEME2026
    $Shakalakaboomboom
    $colaburbumbum
    $sexybunbun

    The attackers used the aforementioned PowerShell script to bypass AMSI, disable Microsoft Defender, set persistence on the target system, and finally run the .NET binary containing XWorm.
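A triage sketch for the variable names and behaviours described above, added here as an example and not taken from the article or the Securonix report. It assumes PowerShell script block logging (Event ID 4104) text has already been exported into simple records; the behaviour regexes, host names and sample scripts are constructed assumptions.

```python
import re

# Variable names quoted in the article. PowerShell variable names are
# case-insensitive, so matching ignores case.
MEME_VARS = ["CHOTAbheem", "Pentagone", "NuclearDefusion", "MEME2026",
             "Shakalakaboomboom", "colaburbumbum", "sexybunbun"]
CANON = {v.lower(): v for v in MEME_VARS}
# Match $name or ${name} as a whole token ($Pentagone5 must not match).
VAR_RE = re.compile(r"\$\{?(" + "|".join(MEME_VARS) + r")\}?(?![A-Za-z0-9_])", re.I)

# ASSUMPTION: generic indicators for the behaviours the article names;
# these strings are not taken from the Securonix report.
BEHAVIOUR_RES = {
    "amsi_tampering": re.compile(r"amsiutils|amsiinitfailed", re.I),
    "defender_tampering": re.compile(
        r"(set|add)-mppreference\b.*-(disable|exclusion)\w+", re.I),
}

def normalize(text):
    """Undo two simple obfuscations: backtick escapes and 'a'+'b' string splits."""
    text = text.replace("`", "")
    return re.sub(r"['\"]\s*\+\s*['\"]", "", text)

def scan_script_block(text):
    """Return (meme variable names found, behaviour tags) for one script block."""
    clean = normalize(text)
    names = sorted({CANON[m.group(1).lower()] for m in VAR_RE.finditer(clean)})
    tags = sorted(t for t, rx in BEHAVIOUR_RES.items() if rx.search(clean))
    return names, tags

def triage(events, min_vars=2):
    """Flag events with >= min_vars distinct names, or one name plus a behaviour."""
    hits = []
    for ev in events:
        names, tags = scan_script_block(ev["script"])
        if len(names) >= min_vars or (names and tags):
            hits.append({"host": ev["host"], "vars": names, "behaviours": tags})
    return hits

# Constructed sample events (hosts and script text are made up for this example).
SAMPLE_EVENTS = [
    {"host": "ws-01", "script": "$CHOTAbheem = 1; $sexybunbun = $chotabheem; "
                                "Set-Mp`Preference -DisableRealtimeMonitoring $true"},
    {"host": "ws-02", "script": r"$Pentagone5 = 1; Add-MpPreference -ExclusionPath 'C:\Build'"},
    {"host": "ws-03", "script": "${meme2026} = Get-Date"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

Requiring two distinct names, or one name alongside a behaviour tag, keeps a routine Defender exclusion change or a single coincidental variable name from raising an alert on its own.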

    XWorm is commercial malware sold on underground forums, with a wide range of features for stealing sensitive information from infected hosts. Its ability to download additional payloads significantly expands its functionality, making it a kind of universal Swiss Army knife of the cybercriminal world.

    "After preliminary verification, it appears that the person or group responsible for the attack may be of Middle Eastern/Indian origin, although the final affiliation has not yet been confirmed," the researchers said.
    Author DeepWeb