BTC $70823.7516
ETH $3531.0259
BNB $621.2790
SOL $172.6448
stETH $3527.9907
XRP $0.6083
DOGE $0.1997
TON $7.2456
ADA $0.5853
AVAX $46.2175
wstETH $4100.4456
DOT $8.4402
BCH $607.1354
WETH $3536.6758
WBTC $70909.4458
TRX $0.1219
LINK $17.6560
MATIC $0.8809
UNI $9.0821
ICP $15.6959
LTC $97.8636
CAKE $3.7041
DAI $0.9996
IMX $2.5675
ETC $33.6641
RNDR $9.1096
FIL $8.1342
STX $2.9994
MNT $1.2895
NEAR $6.8343
TAO $615.5692
VET $0.0503
ATOM $10.8915
HBAR $0.0996
OKB $56.9032
FDUSD $1.0028
WIF $3.3890
KAS $0.1440
MKR $3344.9389
PEPE $0.0000
GRT $0.3114
THETA $2.8807
INJ $31.7467
FET $2.5067
XLM $0.1297
XMR $134.0517
USDE $1.0001
BTC $70823.7516
ETH $3531.0259
BNB $621.2790
SOL $172.6448
stETH $3527.9907
XRP $0.6083
DOGE $0.1997
TON $7.2456
ADA $0.5853
AVAX $46.2175
wstETH $4100.4456
DOT $8.4402
BCH $607.1354
WETH $3536.6758
WBTC $70909.4458
TRX $0.1219
LINK $17.6560
MATIC $0.8809
UNI $9.0821
ICP $15.6959
LTC $97.8636
CAKE $3.7041
DAI $0.9996
IMX $2.5675
ETC $33.6641
RNDR $9.1096
FIL $8.1342
STX $2.9994
MNT $1.2895
NEAR $6.8343
TAO $615.5692
VET $0.0503
ATOM $10.8915
HBAR $0.0996
OKB $56.9032
FDUSD $1.0028
WIF $3.3890
KAS $0.1440
MKR $3344.9389
PEPE $0.0000
GRT $0.3114
THETA $2.8807
INJ $31.7467
FET $2.5067
XLM $0.1297
XMR $134.0517
USDE $1.0001
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • SYS01stealer is a new threat that uses fake Facebook ads

    Cybersecurity researchers have discovered a new data thief called SYS01stealer. The malware targets employees of critical government infrastructure, manufacturing companies and other sectors.

    “The threats behind this campaign target Facebook business accounts. They use Google Ads and fake Facebook profiles that advertise games, adult content, hacked software, etc. to lure victims into downloading a malicious file. The attacks aim to steal sensitive information, including login information, cookies, and business account information,” Morphisec said in a report.

    Morphisec officials said the malware campaign was originally linked to a financially motivated cybercrime operation that Zscaler researchers dubbed "Ducktail." However, WithSecure, which first documented the cluster of Ducktail activity in July 2022, said the malware campaigns are different. This confusion points to how the attackers managed to confuse cybersecurity experts and evade detection.

    The attack chain, according to Morphisec, begins when a victim clicks on a link from a fake Facebook profile or Google Ads ad to download a ZIP archive disguised as hacked software or adult content.

    Opening a ZIP file launches a loader based on a legitimate C# application that is vulnerable to DLL Sideloading, allowing a malicious DLL to be loaded along with the application.

    Some of the applications used to download the rogue DLL are Western Digital's WDSyncService.exe and Garmin's ElevatedInstaller.exe. In some cases, the downloaded unpublished DLL acts as a means to deploy Python and Rust-based intermediate executables. Regardless of the approach used, all paths lead to the delivery of an installer that delivers and runs the PHP-based SYS01stealer malware.

    Infostealer is designed to collect Facebook cookies from Chromium-based web browsers, exfiltrate victim's Facebook information to a remote server, and download and run arbitrary files. The malware can also download files from an infected host to a C2 server, execute its commands, and update itself if a fresh version is available.

    “DLL Sideloading is a very effective way to force Windows systems to load malicious code. When an application is loaded into memory, it downloads a malicious file instead of a legitimate one, allowing hackers to capture legitimate, trusted, and even signed applications for their malicious purposes,” Morphisec said.
    Author DeepWeb
    Chinese UNC4540 hackers spy using unpatched SonicWall devices
    Allegedly, the Russian group Winter Vivern attacks government organizations in different countries

    Comments 0

    Add comment