    In Latin America, the Trojan horse "TOITOIN" gallops through businesses.

    Hackers covertly deliver payloads to target computers using MP3 files.

    A new Windows trojan called "TOITOIN" has been circulating in Latin America since May 2023 and is built to steal banking information. Researchers from Zscaler described it in a report released last week.

    According to Zscaler researchers, "this sophisticated campaign employs a Trojan that follows a multistage infection chain, using specially designed modules at each stage."

    The experts continued, "These modules are intended to carry out malicious actions like injecting malicious code into remote processes, getting around User Account Control, and avoiding sandbox detection using cunning techniques like rebooting the system and checking the parent process."

    The six-stage infection chain is carefully engineered. It begins with a phishing email containing a link to a ZIP archive hosted on an Amazon EC2 instance controlled by the attackers, a choice made to sidestep domain-based detection.

    Scammers lure unsuspecting recipients with financial bait such as invoices. The ZIP archive contains a downloader executable that establishes persistence through a simple shortcut in the Windows Startup folder and then contacts a remote server to fetch the next six payloads, which are disguised as MP3 files to evade detection.
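
A defender-side check for the MP3 masquerade described above, added here as an illustration rather than code from the article or from Zscaler: it compares a file's claimed .mp3 extension with its leading bytes and flags anything that is really a PE executable, or that carries neither an ID3 tag nor an MPEG audio frame header. The sample byte strings are constructed for the example and are not TOITOIN artifacts.

```python
"""Flag files that claim to be MP3 but do not contain MP3 data.

Added example, not code from the article or from Zscaler. The sample byte
strings in SAMPLES are constructed here; they are not TOITOIN artifacts.
"""
import struct

MZ_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\0\0"


def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS/MZ header whose e_lfanew field points at the PE signature."""
    if len(data) < 0x40 or data[:2] != MZ_MAGIC:
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == PE_SIGNATURE


def looks_like_mp3(data: bytes) -> bool:
    """True if data starts with an ID3v2 tag or a plausible MPEG audio frame header."""
    if data[:3] == b"ID3":
        return True
    if len(data) < 4:
        return False
    # Frame sync is 11 set bits; the two fields after it must not hold reserved
    # values (version bits 01 and layer bits 00 are reserved in the MPEG header).
    if ((data[0] << 8) | data[1]) & 0xFFE0 != 0xFFE0:
        return False
    version_bits = (data[1] >> 3) & 0x3
    layer_bits = (data[1] >> 1) & 0x3
    return version_bits != 1 and layer_bits != 0


def classify(name: str, data: bytes) -> str:
    """Classify a file by extension versus content.

    Returns 'not-checked' for non-.mp3 names, 'ok' for MP3-looking content,
    'pe-masquerade' for a Windows executable hiding behind .mp3, and
    'not-mp3' for anything else (archives, encrypted blobs, ...).
    """
    if not name.lower().endswith(".mp3"):
        return "not-checked"
    if looks_like_pe(data):
        return "pe-masquerade"
    if looks_like_mp3(data):
        return "ok"
    return "not-mp3"


def scan(files: dict) -> list:
    """Return (name, verdict) pairs for every .mp3 whose content does not match."""
    flagged = []
    for name, data in files.items():
        verdict = classify(name, data)
        if verdict not in ("ok", "not-checked"):
            flagged.append((name, verdict))
    return flagged


# Constructed samples: a minimal PE stub (MZ header, e_lfanew -> PE signature),
# an ID3v2 header, a raw MPEG-1 Layer III frame header, and a ZIP local header.
FAKE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + PE_SIGNATURE + b"\0" * 8
SAMPLES = {
    "track01.mp3": b"ID3\x04\x00\x00\x00\x00\x00\x0a" + b"\0" * 10,
    "track02.mp3": b"\xff\xfb\x90\x00" + b"\0" * 16,
    "track03.mp3": FAKE_PE,
    "track04.mp3": b"PK\x03\x04" + b"\0" * 16,
    "readme.txt": b"not audio, not checked",
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES):
        print(f"{name}: {verdict}")
```

Running the block reports track03.mp3 as a PE masquerade and track04.mp3 as not MP3; the two genuine headers pass. The check is deliberately cheap so it can sit in a download-proxy or endpoint hook, and the 'not-mp3' verdict is worth keeping separate from 'pe-masquerade' because encrypted or archived stages, as used later in this chain, show no PE header at all.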

    Additionally, the downloader creates a batch script that, after a 10-second wait, restarts the system. The researchers explained that this is done to "evade detection by the sandbox, since all malicious actions only take place after a reboot."
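
The reboot-delay trick is also something a defender can look for statically in dropped batch files. The following heuristic is an added example, not the researchers' code: it strips comment lines, looks for common delay primitives and a shutdown command carrying a restart switch, and flags a script only when both appear. The sample script and the set of command patterns are assumptions made for the example.

```python
"""Heuristic for batch scripts that pair a delay with a reboot.

Added example, not code from the article or from Zscaler. The script text
in SAMPLE_SCRIPT is constructed for this example, and the delay/reboot
command patterns are an assumed set of Windows built-ins.
"""
import re

# Delay primitives: timeout /t N, ping -n N <host> (about N-1 seconds), sleep N.
DELAY_PATTERNS = [
    re.compile(r"\btimeout(?:\.exe)?\s+(?:/t\s+)?(\d+)", re.IGNORECASE),
    re.compile(r"\bping(?:\.exe)?\b[^\n&|]*?-n\s+(\d+)", re.IGNORECASE),
    re.compile(r"\bsleep(?:\.exe)?\s+(\d+)", re.IGNORECASE),
]
# A reboot request: shutdown with the /r or -r switch on the same command.
REBOOT_PATTERN = re.compile(r"\bshutdown(?:\.exe)?\b[^\n&|]*?[/-]r\b", re.IGNORECASE)
COMMENT_LINE = re.compile(r"^\s*(?:rem\b|::)", re.IGNORECASE)


def strip_comments(script: str) -> str:
    """Drop REM and :: comment lines so commented-out commands do not trigger."""
    return "\n".join(ln for ln in script.splitlines() if not COMMENT_LINE.match(ln))


def find_delays(script: str) -> list:
    """Return the numeric argument of every delay primitive found."""
    delays = []
    for pattern in DELAY_PATTERNS:
        delays.extend(int(m.group(1)) for m in pattern.finditer(script))
    return delays


def analyse_batch(script: str) -> dict:
    """Report delays, reboot presence, and whether the two occur together."""
    body = strip_comments(script)
    delays = find_delays(body)
    reboots = REBOOT_PATTERN.search(body) is not None
    return {"delays": delays, "reboots": reboots, "suspicious": reboots and bool(delays)}


# Constructed sample with the shape the article describes: wait, then restart.
SAMPLE_SCRIPT = """@echo off
timeout /t 10 /nobreak >nul
shutdown /r /t 0
"""

if __name__ == "__main__":
    print(analyse_batch(SAMPLE_SCRIPT))
```

A plain reboot command on its own is not flagged, since administrators script those routinely; the signal is the pairing of an explicit wait with the restart, which is what turns a sandbox's bounded run into an empty one. Pair the verdict with where the script was written (a user-writable profile path rather than an admin share) before acting on it.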

    One of the payloads found is "icepdfeditor.exe," a legitimately signed ZOHO Corporation Private Limited binary that, when run, side-loads a rogue DLL named "ffmpeg.dll," which the researchers codenamed Krita Loader.

    Krita Loader in turn runs another module, InjectorDLL, which decodes a downloaded JPG file that carries further payloads. Converting a second downloaded JPG file yields the so-called ElevateInjectorDLL module.

    After injecting ElevateInjectorDLL into the "explorer.exe" system process, the InjectorDLL component then decrypts and injects the TOITOIN trojan into the "svchost.exe" process, bypassing User Account Control (UAC) if necessary to elevate process privileges.

    According to the researchers, "this technique enables the malware to manipulate system files and processes by executing commands with elevated privileges and facilitating subsequent malicious actions."

    TOITOIN collects system information and extracts data from installed web browsers such as Google Chrome, Microsoft Edge, Internet Explorer, Mozilla Firefox, and Opera. It also checks for "Topaz Online Fraud Detection," an anti-fraud component built into Latin American banking platforms.

    Attackers successfully deliver their malicious payload using deceptive phishing emails, sophisticated redirect mechanisms, and domain diversification, according to the researchers.

    The campaign's multi-stage infection chain relies on custom-built modules, each employing its own evasion techniques and encryption methods, the experts said.

    Author DeepWeb