BTC $57054.0562
ETH $3243.0497
BNB $394.9600
SOL $108.4177
XRP $0.5865
stETH $3239.3493
ADA $0.6239
AVAX $39.2702
DOGE $0.0977
TRX $0.1428
wstETH $3750.7519
DOT $8.3691
LINK $19.0300
WETH $3348.6813
MATIC $1.0282
UNI $10.8579
WBTC $56903.9273
IMX $3.3452
ICP $13.0217
BCH $292.5040
LTC $74.0124
CAKE $3.1570
ETC $28.0992
LEO $4.3640
FIL $7.6578
KAS $0.1689
RNDR $7.2011
DAI $1.0000
ATOM $11.2097
HBAR $0.1082
INJ $40.1071
VET $0.0489
TON $2.1280
OKB $51.4855
FDUSD $0.9985
LDO $3.4670
STX $2.9465
XMR $135.8398
XLM $0.1230
ARB $1.8948
NEAR $3.9608
TIA $17.0031
WEMIX $2.3756
GRT $0.2795
ENS $22.1963
MKR $2154.9330
APEX $2.3329
BTC $57054.0562
ETH $3243.0497
BNB $394.9600
SOL $108.4177
XRP $0.5865
stETH $3239.3493
ADA $0.6239
AVAX $39.2702
DOGE $0.0977
TRX $0.1428
wstETH $3750.7519
DOT $8.3691
LINK $19.0300
WETH $3348.6813
MATIC $1.0282
UNI $10.8579
WBTC $56903.9273
IMX $3.3452
ICP $13.0217
BCH $292.5040
LTC $74.0124
CAKE $3.1570
ETC $28.0992
LEO $4.3640
FIL $7.6578
KAS $0.1689
RNDR $7.2011
DAI $1.0000
ATOM $11.2097
HBAR $0.1082
INJ $40.1071
VET $0.0489
TON $2.1280
OKB $51.4855
FDUSD $0.9985
LDO $3.4670
STX $2.9465
XMR $135.8398
XLM $0.1230
ARB $1.8948
NEAR $3.9608
TIA $17.0031
WEMIX $2.3756
GRT $0.2795
ENS $22.1963
MKR $2154.9330
APEX $2.3329
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • A new threat to financial institutions has emerged on the dark web

    Security researchers at Securonix have discovered a new campaign called "OCX#HARVESTER" that distributes the "More_eggs" backdoor and other malware.

    The More_eggs malware was observed in attacks from December 2022 to March 2023. The campaign is believed to be active as attackers explore new targets and methods for delivering malware.

    According to Securonix, the OCX#HARVESTER campaign targets the financial sector, especially cryptocurrencies.

    The infection chain starts with phishing emails containing a malicious ZIP archive that downloads two LNK shortcuts. LNK shortcuts are disguised as JPEG files and appear as a "Windows Image Resource" WIM file icon that contains an icon library for files and folders.

    Once executed, the downloaded files additionally download other malicious files that deploy More_eggs (TerraLoader). In some cases, attackers also try to download and run the SharpChrome extension, which is designed to steal cookies and Chrome login information.

    Based on the victims and methods of the "More_eggs" malware, the researchers linked the campaign to the FIN6 APT group. However, experts also claimed that the backdoor was used by the groups Cobalt and Evilnum. The specialists also added that the current campaign is similar to the "PY#RATION" campaign discovered earlier this year.

    The More_eggs malware suite appears to be constantly maintained and updated in an attempt to bypass detection. As campaign changes and new attack vectors continue to be monitored, organizations are advised not to open any attachments, especially those received unexpectedly from other organizations or from an unknown source.

    Author DeepWeb
    Fresh RustBucket malware targets macOS users
    New LOBSHOT cryptocurrency thief targets Google users

    Comments 0

    Add comment