Info-Stealing Malware Populates ‘Cloud of Logs’ Offerings

/in


Cybercrime
,
Fraud Management & Cybercrime

Private Subscription Services Emerge, Together With Fresh Strains of Info Stealers

Mathew J. Schwartz (euroinfosec) •
May 15, 2023    

Info-Stealing Malware Populates 'Cloud of Logs' Offerings
Advertisement for TitanStealer, first offered for sale in November 2022 via the Russian-language BHF and Dark2Web forums (Source: Kela)

Cybercrime watchers continue to see strong demand for fresh strains of information-stealing malware and the personal information being harvested by such info stealers.

See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources


Information stealers exfiltrate data from an infected system – aka “bot” – and batch it into “logs” containing “browser login information including passwords, cookies, credit card details, crypto wallet data and more,” threat intelligence firm Kela said in a new report.


Phishing is the main distribution method, oftentimes through links to compromised or malicious websites. One recent campaign tied to the Lumma and Aurora stealers used “typosquatted” domains – malicious domains with names resembling legitimate ones – that pretended to offer access to OpenAI and ChatGPT, cybersecurity firm Cyble reported.


After infecting systems and collecting logs, criminals often sell the stolen data via automated bot markets such as Genesis, RussianMarket and TwoEasy, via forums such as BHF and Dark2Web, and Telegram messaging app channels. While Genesis was disrupted last month via an international police operation accompanied by more than 100 arrests worldwide, the BBC reported Friday that the darknet version of Genesis appears to remain alive and well.


One sign of the maturity of marketplaces selling account takeover services or stolen digital identities is the emergence in recent years…

Source…