This nasty new trojan lifts login details from Chrome, Edge and Outlook


The threat intelligence team at Cisco Talos has discovered a new trojan campaign that can steal personal credentials from web browsers, Microsoft Outlook, and instant messaging apps. The attack method starts with a phishing email containing a malicious HTML file attachment.

“The actor employs a multi-modular approach that starts with the initial phishing email and carries through to the final payload,” Vanja Svajcer, an outreach researcher working for Cisco Talos, explained. “The adversaries behind this campaign likely do this to evade detection. But it can also be a weakness, as there are plenty of opportunities for defenders to break the killchain.”

Attackers first send an email with a subject line claiming to relate to a specific business. It is accompanied by a RAR attachment which, rather than the usual .rar extension, uses the split-archive “r00” extension, and which in turn contains a .chm file. CHM is Microsoft’s compiled HTML format and, in this case, the file contains JavaScript code that starts the infection process.
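As an added defender-side example that is not part of the article or of Cisco Talos’s own tooling, the following Python triage function flags the attachment pattern described above: a split RAR part with an .rNN extension (or RAR content hidden behind another extension) and a CHM file either attached directly or listed inside the archive. The Attachment model and the gateway-supplied member listing are assumptions; the RAR and CHM header signatures are the documented file magic.

```python
import re
from dataclasses import dataclass, field

# Hypothetical attachment model: a mail gateway hands us the filename, the
# first bytes of the content and (for archives it managed to list) member names.
@dataclass
class Attachment:
    filename: str
    head: bytes
    members: list = field(default_factory=list)

RAR_MAGIC = b"Rar!\x1a\x07"                 # common prefix of RAR4 and RAR5 signatures
CHM_MAGIC = b"ITSF"                         # header of a compiled HTML (CHM) file
MULTIVOLUME_RAR = re.compile(r"\.r\d{2}$")  # .r00, .r01, ... split-archive parts

def triage_attachment(att: Attachment) -> list:
    """Return findings for one attachment (empty list means nothing suspicious seen)."""
    name = att.filename.lower()
    findings = []
    if MULTIVOLUME_RAR.search(name):
        findings.append("multi-volume RAR part (.rNN) instead of .rar")
    if att.head.startswith(RAR_MAGIC) and not (name.endswith(".rar") or MULTIVOLUME_RAR.search(name)):
        findings.append("RAR content behind a non-RAR extension")
    if name.endswith(".chm") or att.head.startswith(CHM_MAGIC):
        findings.append("CHM attachment (can carry script that runs on open)")
    chm_members = [m for m in att.members if m.lower().endswith(".chm")]
    if chm_members:
        findings.append("archive contains CHM: " + ", ".join(chm_members))
    return findings

def triage_email(attachments: list) -> dict:
    """Collect per-attachment findings and decide whether to hold the message."""
    findings = {a.filename: triage_attachment(a) for a in attachments}
    verdict = "quarantine" if any(findings.values()) else "deliver"
    return {"verdict": verdict, "findings": findings}

# Constructed sample mirroring the delivery chain in the article; not a real sample.
SAMPLE = [
    Attachment("Order_2021.r00", b"Rar!\x1a\x07\x00", members=["Order_2021.chm"]),
    Attachment("terms.pdf", b"%PDF-1.4"),
]

if __name__ == "__main__":
    result = triage_email(SAMPLE)
    print(result["verdict"])
    for name, found in result["findings"].items():
        print(f"  {name}: {found}")
```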

We meet again

The type of trojan used in this campaign is known as “Masslogger” and it has been seen in the wild before. Masslogger was first released in April 2020 and sold on underground forums as a way of stealing credentials, mostly from browsers but also from email clients and messaging apps.

For this campaign, it seems that the threat actor or group involved had specific targets in mind, or at least a particular region that they felt comfortable targeting – primarily eastern and southern Europe. Cisco Talos identified email messages targeting Latvia, Lithuania, Turkey, Bulgaria, Estonia, Romania, Hungary, Italy, and Spain, with some messages written in English.

To block this attack, individuals should run regular background memory scans, employ up-to-date web and email security solutions, and remain vigilant against suspicious-looking emails.

Via The Register

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things. 
