    Unusual phishing campaign using memes as malware variables

    A successful chain of attacks leads to the infection of target computers with the generic XWorm malware.

    Cybersecurity experts have discovered a new phishing campaign in which attackers use a unique chain of attacks to deliver the XWorm malware to targeted systems.

    Securonix, which monitors this malicious activity under the name "MEME#4CHAN", said most of the attacks were directed at manufacturing plants and medical clinics in Germany.

    “As part of this operation, the attackers used an unusual PowerShell code filled with memes and a highly obfuscated XWorm malware to infect their victims,” the researchers said in their report.

    According to experts, MEME#4CHAN attacks begin with phishing emails with fake Microsoft Word documents that exploit the Windows vulnerability CVE-2022-30190 to download an obfuscated PowerShell script.

    While analyzing this PowerShell script, the researchers came across many variables with unusual names that clearly reference foreign meme culture. Some of the variable names were:

    $CHOTAbheem (title of an Indian animated series)
    $Pentagone
    $NuclearDefusion
    $MEME2026
    $Shakalakaboomboom
    $colaburbumbum
    $sexybunbun

    The attackers used this PowerShell script to bypass AMSI, disable Microsoft Defender, establish persistence on the target system, and finally run the .NET binary containing XWorm.
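    The variable names listed above can be used as a hunting signal in PowerShell script block logs. The following is an added example, not code from this article or from Securonix: it assumes Event ID 4104 records have already been exported into dictionaries with the fields `ScriptBlockId`, `MessageNumber`, `MessageTotal` and `ScriptBlockText`, the two-name threshold is an assumption to limit false positives, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Variable names reported in this article for the MEME#4CHAN PowerShell stage.
MEME_VARS = ["CHOTAbheem", "Pentagone", "NuclearDefusion", "MEME2026",
             "Shakalakaboomboom", "colaburbumbum", "sexybunbun"]

# Matches $name, ${name} and scoped forms such as $global:name.
# PowerShell variable names are case-insensitive, hence IGNORECASE.
VAR_RE = re.compile(
    r"\$\{?(?:(?:global|script|local|private):)?("
    + "|".join(map(re.escape, MEME_VARS))
    + r")\}?(?![A-Za-z0-9_])",
    re.IGNORECASE)

# Constructed sample events (not real telemetry). The first script is logged
# in two fragments, out of order, with one name split across the boundary.
SAMPLE_EVENTS = [
    {"ScriptBlockId": "aaaa-1", "MessageNumber": 2, "MessageTotal": 2,
     "ScriptBlockText": "Defusion = 2; ${sexybunbun} = 3"},
    {"ScriptBlockId": "aaaa-1", "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText": "$chotabheem = 1; $Nuclear"},
    {"ScriptBlockId": "bbbb-2", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "$Pentagone = 'floor plan'; $PentagoneSize = 5"},
]

def reassemble(events):
    """Join 4104 fragments in MessageNumber order, keyed by ScriptBlockId."""
    parts = defaultdict(dict)
    for ev in events:
        parts[ev["ScriptBlockId"]][ev["MessageNumber"]] = ev["ScriptBlockText"]
    return {sid: "".join(text for _, text in sorted(frags.items()))
            for sid, frags in parts.items()}

def hunt(events, min_distinct=2):
    """Return {ScriptBlockId: sorted distinct listed names} for likely hits."""
    canon = {v.lower(): v for v in MEME_VARS}
    hits = {}
    for sid, script in reassemble(events).items():
        found = {canon[m.group(1).lower()] for m in VAR_RE.finditer(script)}
        if len(found) >= min_distinct:  # one ordinary-looking name is weak evidence
            hits[sid] = sorted(found)
    return hits

if __name__ == "__main__":
    for sid, names in hunt(SAMPLE_EVENTS).items():
        print(sid, names)
```

Matching each fragment on its own would miss `$NuclearDefusion` in the first sample script, which is why the fragments are joined before the search.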

    XWorm is commercial malware sold on underground forums, with a wide range of features for stealing sensitive information from infected hosts. Its ability to download additional payloads significantly expands its functionality, making it a kind of universal Swiss Army knife in the cybercriminal world.

    "After preliminary verification, it appears that the person or group responsible for the attack may be of Middle Eastern/Indian origin, although the final affiliation has not yet been confirmed," the researchers said.
    Author DeepWeb