Threats Tagged 'financial theft'

Operation DualScript is a sophisticated multi-stage malware campaign targeting cryptocurrency and financial activities. It utilizes Windows Scheduled Tasks, VBScript launchers, and PowerShell execution to maintain persistence while minimizing disk artifacts. The attack operates through two parallel chains: a web-based PowerShell loader deploying a cryptocurrency clipboard hijacker, and a secondary chain executing the RetroRAT implant in memory. RetroRAT monitors user activity, captures keystrokes, and tracks interactions with financial services to harvest sensitive information. The malware employs various anti-analysis techniques and establishes a command-and-control channel for remote access and data exfiltration. This campaign highlights the growing abuse of trusted system utilities and in-memory execution techniques to evade traditional detection mechanisms.

MediumMalwareUnited StatesRussiaChina+7#cryptocurrency#retrorat#multi-stage

A European financial institution involved in regional development and reconstruction initiatives was targeted by a social engineering attack attributed to the Russia-aligned Mercenary Akula. The attack used a spoofed Ukrainian judicial domain to deliver an email containing a link to a remote access payload. The target was a senior legal and policy advisor involved in procurement. The attack employed a multi-stage extraction process and deployed the Remote Manipulator System, a legitimate remote administration tool. This incident suggests the adversary may be expanding beyond primarily Ukraine-based targeting, potentially probing Ukraine-supporting institutions in Western Europe. The attack aligns with Mercenary Akula's established tactics, including localized social engineering, multi-stage payload delivery, and the use of signed remote administration tools.

MediumMalwareUkraineGermanyFrance+7#remote manipulator system#quasarrat#fire cells group