ESET analysts have discovered a new stealer that steals the data of Japanese politicians


    A few weeks before the July 2022 elections to the Japanese House of Councillors, the MirrorFace group attacked Japanese politicians using a previously undocumented credential stealer, MirrorStealer.

    According to an ESET report, the attackers deployed the new MirrorStealer alongside the LODEINFO backdoor, which communicated with a C&C server attributed to the APT10 group.

    LODEINFO has previously been used in attacks on Japanese politicians and civil servants, as reported by Kaspersky Lab. In that campaign the attackers impersonated a Japanese ministry, attaching a decoy document that silently extracted a WinRAR archive in the background. The archive contained an encrypted copy of LODEINFO, a malicious loader DLL, and a legitimate K7Security Suite executable: the usual DLL side-loading setup, in which the signed, trusted executable loads the attacker's DLL, which then decrypts and runs the backdoor.

    The Chinese-speaking APT group MirrorFace, which has been linked to APT10 (also tracked as Cicada), began sending spear-phishing emails to its targets on June 29, 2022, posing as PR representatives of the recipient's political party and asking them to post the attached video files on social media.

    LODEINFO was used to deploy MirrorStealer (observed as '31558_n.dll') on compromised systems. MirrorStealer harvests credentials stored in browsers and email clients, including Becky!, an email client popular in Japan, which suggests the stealer was built specifically for campaigns targeting Japan.

    All harvested credentials are written to a text file in the TEMP directory and are then exfiltrated to the C&C server by the LODEINFO backdoor, since MirrorStealer has no exfiltration capability of its own.

    LODEINFO also acts as the bridge between the C&C server and MirrorStealer: on command from the operators, it loads MirrorStealer into the compromised system's memory, injects it into a newly created cmd.exe process, and launches it.

    The operators' tradecraft was not flawless: they did not remove all traces of their activity from compromised machines and left behind the MirrorStealer text file containing the collected credentials.
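    The chain described above (a backdoor spawning cmd.exe, injecting into it, and the injected process dropping a credential file under TEMP) is a hunting pattern a defender can express over endpoint telemetry. The following is an added example written for this page, not code from ESET or from the malware itself. It runs a simple three-stage correlation over constructed Sysmon-style events (Event ID 1 process creation, ID 8 CreateRemoteThread, ID 11 file creation) and assumes, as a simplification, that the process injecting into cmd.exe is the same process that spawned it. The parent image name, PIDs and file names are made up for the sample.

```python
from dataclasses import dataclass


@dataclass
class Event:
    """Minimal Sysmon-like record carrying only the fields the heuristic needs."""
    event_id: int           # 1 = ProcessCreate, 8 = CreateRemoteThread, 11 = FileCreate
    pid: int                # ProcessId (ID 1, 11) or TargetProcessId (ID 8)
    image: str              # Image (ID 1, 11) or TargetImage (ID 8)
    parent_pid: int = 0     # ID 1 only
    parent_image: str = ""  # ID 1 only
    source_pid: int = 0     # ID 8 only: the process that created the remote thread
    target_file: str = ""   # ID 11 only


# Constructed sample telemetry for the example; not captured from a real incident.
SAMPLE_EVENTS = [
    # Benign: explorer.exe starts cmd.exe and the user writes into %TEMP%; no injection.
    Event(1, 4100, r"C:\Windows\System32\cmd.exe", 2200, r"C:\Windows\explorer.exe"),
    Event(11, 4100, r"C:\Windows\System32\cmd.exe",
          target_file=r"C:\Users\u\AppData\Local\Temp\notes.txt"),
    # Suspicious: a hypothetical side-loading host (name assumed) spawns cmd.exe,
    # injects a thread into it, and the injected cmd.exe then writes a file under %TEMP%.
    Event(1, 5120, r"C:\Windows\System32\cmd.exe", 3010, r"C:\Users\u\Downloads\video\host.exe"),
    Event(8, 5120, r"C:\Windows\System32\cmd.exe", source_pid=3010),
    Event(11, 5120, r"C:\Windows\System32\cmd.exe",
          target_file=r"C:\Users\u\AppData\Local\Temp\creds.txt"),
]


def hunt_injected_cmd_temp_writes(events):
    """Return one finding per cmd.exe that was (1) spawned, (2) injected into by its own
    parent, and (3) afterwards wrote a file under a \\Temp\\ directory, in that order.
    Events are assumed to be in chronological order, as an EDR export would be."""
    spawned = {}      # cmd.exe pid -> its ProcessCreate event
    injected = set()  # cmd.exe pids that received a remote thread from their parent
    findings = []
    for ev in events:
        image = ev.image.lower()
        if ev.event_id == 1 and image.endswith(r"\cmd.exe"):
            spawned[ev.pid] = ev
        elif (ev.event_id == 8 and ev.pid in spawned
              and ev.source_pid == spawned[ev.pid].parent_pid):
            injected.add(ev.pid)
        elif (ev.event_id == 11 and ev.pid in injected
              and "\\temp\\" in ev.target_file.lower()):
            findings.append({
                "cmd_pid": ev.pid,
                "parent_image": spawned[ev.pid].parent_image,
                "dropped_file": ev.target_file,
            })
    return findings


if __name__ == "__main__":
    for finding in hunt_injected_cmd_temp_writes(SAMPLE_EVENTS):
        print(f"[!] cmd.exe pid {finding['cmd_pid']} spawned by {finding['parent_image']} "
              f"was injected into and dropped {finding['dropped_file']}")
```

    The benign cmd.exe that also writes to TEMP is deliberately included: the file write alone is noise, and it is the preceding remote-thread creation from the parent that turns it into a finding. In a real environment the third stage would additionally be the place to collect the dropped file for triage, since the page notes the stealer's output survives on disk when operators forget to clean up.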

    In addition, ESET analysts noticed that the operators sent malformed LODEINFO commands on several occasions, indicating that at least some of the commands were typed by hand rather than scripted.

    Author DeepWeb