A new trojan campaign that can steal personal credentials from web browsers, Microsoft Outlook, and instant messaging apps. The attack method starts with a phishing email containing a malicious HTML file attachment.
The employs a multi-modular approach that starts with the initial phishing email and carries through to the final payload. The adversaries behind this campaign likely do this to evade detection. But it can also be a weakness, as there are plenty of opportunities for defenders to break the killchain.
The type of trojan used in this campaign is known as “Masslogger” and it has been seen in the wild before. Masslogger was first released in April 2020 and sold on underground forums as a way of stealing credentials, mostly from browsers but also from email clients and messaging apps.
The threat actor or group involved had specific targets in mind or at least a particular region that they felt comfortable targeting primarily eastern and southern Europe.
To block this exploit, individuals should conduct regular and background memory scans, employ up-to-date web and email security solutions and remain vigilant against suspicious-looking emails.