CDN network cache hacked to spread malware across the globe

News
By
published

Hackers are targeting companies around the world with infostealers

Magnifying glass enlarging the word 'malware' in computer machine code
(Image credit: Shutterstock)

Threat actors known as CoralRaider have been using the Bynny content delivery network (CDN) to distribute infostealers to victims around the world.

Rresearchers Cisco Talos have revealed who said CoralRaider abused the CDN to hide from security solutions, as they delivered LummaC2, Rhadamanthys, and Cryptobot.

CoralRaider is a financially motivated threat actor that targets endpoints in the US, the UK, Germany, and Japan. It is based out of Vietnam, and usually targets devices in Asia and Southeast Asia. However, as of lately, the group seemingly expanded its operations to target victims in the US, Nigeria, Pakistan,Ecuador, Germany, Egypt, the U.K., Poland, the Philippines, Norway, Japan, Syria and Turkey. The group’s activities were first spotted back in 2003, it was added.

Apparently, the group would (most likely) send out phishing emails with an archive attached. This archive would contain a malicious Windows shortcut link (.LNK) which, in turn, carried a PowerShell command that downloads and runs a “heavily obfuscated” HTML application. This app was found on a Bynny subdomain under the attackers’ control.

Stealing login credentials

The app comes with JavaScript code for a PowerShell decrypter script which turns off certain security features and ultimately deploys one of the three above-mentioned infostealers.

Further detailing the threat, Cisco Talos said that the infostealers being distributed were relatively new. LummaC2 and Rhadamanthys each have features which were apparently only added last year, while Cryptobot dates January this year.

According to BleepingComputer, Cryptobot isn’t as popular as LummaC2 or Rhadamanthys, but it’s still dangerous, as it infects more than half a million devices a year.

Most of today’s infostealers go after the same information: login credentials to various services, multi-factor authentication (MFA) and one-time passcodes, cryptocurrency wallet data, banking information, and more.

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet
A person at a laptop with a cybersecure lock symbol floating above it.
Cybercrime gang targets victims with "triple threat" attacks
An American flag flying outside the US Capitol building against a blue sky
US military and defense contractors hit with Infostealer malware
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
Hands typing on a keyboard surrounded by security icons
Infostealers on the rise: the latest concern for organizational defenses
China
Salt Typhoon strikes again - more US ISPs, universities and telecoms networks hit by Chinese hackers
Latest in Security
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Web DDoS attacks see major surge as AI allows more powerful attacks
Polish space agency says it was hit by a cyberattack
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Latest in News
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Google Pixel 9 Pro
Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop
Bang & Olufsen Beogram 4000C Saint Laurent Rive Droite Edition
Bang & Olufsen's latest reworked turntable is a masterpiece of retro revival, in a breathtaking wooden presentation box
Apple Watch Series 10
Apple unveils new Apple Watch bands – here's what's in the Spring 2025 collection
More about security
A graphic showing fleet tracking locations over a city.

Lost & Found tracking site hit by major data breach - over 800,000 could be affected
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.

Microsoft Teams and other Windows tools hijacked to hack corporate networks
Circular Ring 2

The Circular Ring 2 solves a crucial smart ring problem, and it's available to pre-order now
See more latest
Most Popular
Circular Ring 2
The Circular Ring 2 solves a crucial smart ring problem, and it's available to pre-order now
HTC Viverse
The company formerly known as HTC is doubling down on immersive worlds, AI, spatial computing and ... 6G?
A business woman looking at AI on a transparent screen
Businesses are facing an "AI Divide" - which could be the difference between success and failure
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Apple Vision Pro with Dassault Systèmes 3DEXPERIENCE platform
Dassault Systèmes teams up with Apple to use Vision Pro headsets to bring spatial CAD to life
Samsung 18.1-inch foldable OLED monitor
Samsung has launched a flexible portable monitor complete with a briefcase, one that seems to come straight from a James Bond movie
GenMachine Zhi mini pc
This is the smallest AMD PC I've ever seen: mysterious manufacturer uses Ryzen 3 APU with surprising results
Beelink ME Mini
One of our favorite mini PC vendors has launched a NAS that looks a bit like Apple's PowerMac G4 Cube PC - but way smaller
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first