Last Updated on 09/12/2021 by Nidhi Khandelwal
Magnat, a newly identified threat actor, has been observed distributing several kinds of malware, including backdoors, malicious Chrome extensions, and information stealers.
Two previously undocumented malware families are frequently delivered together in these attacks; both are believed to have been developed by Magnat.
So, what happened?
Talos researchers recently identified a malware campaign that targeted unwary users with bogus installers for popular applications.
The attackers launched a series of malware distribution activities in late 2018 that primarily targeted Canada, which accounted for nearly half of all infections, followed by Australia, the United States, and a few EU countries.
The attackers monetise the infections by selling stolen credentials, carrying out fraudulent transactions, and obtaining remote desktop access to compromised systems.
Malware comes in many forms.
In practically all of the observed campaigns, the attackers deliver three kinds of final payload.
Azorult and Redline, two widely used password stealers.
MagnatBackdoor, a backdoor that adds a new local user, creates a scheduled task for persistence, and builds an outbound SSH tunnel that forwards the victim's RDP service to the attackers. Because the tunnel is initiated outbound, it gives the attackers remote desktop access to the infected machine even where inbound RDP is blocked at the perimeter.
MagnatExtension, an installer for a malicious Chrome extension whose data-collection functions include a form grabber, a keylogger, an arbitrary JavaScript executor, a cookie stealer, and screenshot capture.
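The three actions described above (a new local user, a new scheduled task, and an outbound SSH connection from an unexpected process) each look ordinary on their own but are rarely seen together on one workstation within a few minutes. The following Python is an added detection example written for this page; it is not code from Talos or from the Magnat samples. It correlates constructed Windows Security and Sysmon events (event IDs 4720, 4698 and Sysmon 3 are the real identifiers; the hosts, timestamps, paths and the SSH-client allowlist are assumptions for illustration) and raises one alert per host where all three occur inside a time window.

```python
from datetime import datetime, timedelta

# Standard Windows event identifiers this example keys on.
USER_CREATED = ("Security", 4720)   # A user account was created
TASK_CREATED = ("Security", 4698)   # A scheduled task was created
NET_CONNECT = ("Sysmon", 3)         # Sysmon network connection

# Assumed allowlist of legitimate SSH clients (lowercase full paths); tune per environment.
ALLOWED_SSH_CLIENTS = {
    r"c:\windows\system32\openssh\ssh.exe",
    r"c:\program files\git\usr\bin\ssh.exe",
}

# Constructed sample telemetry (not real data). WS-01 shows the full pattern;
# WS-02 is a developer using an allowlisted ssh.exe; WS-03 is a normal user creation.
SAMPLE_EVENTS = [
    {"host": "WS-01", "ts": "2021-12-01T10:02:11", "source": "Security", "event_id": 4720,
     "user": "svc_update"},
    {"host": "WS-01", "ts": "2021-12-01T10:02:15", "source": "Security", "event_id": 4698,
     "task": r"\Microsoft\Windows\UpdateCheck"},
    {"host": "WS-01", "ts": "2021-12-01T10:02:40", "source": "Sysmon", "event_id": 3,
     "image": r"C:\Users\alice\AppData\Roaming\helper.exe", "dst_ip": "203.0.113.5", "dst_port": 22},
    {"host": "WS-02", "ts": "2021-12-01T11:00:00", "source": "Sysmon", "event_id": 3,
     "image": r"C:\Program Files\Git\usr\bin\ssh.exe", "dst_ip": "198.51.100.7", "dst_port": 22},
    {"host": "WS-03", "ts": "2021-12-01T12:00:00", "source": "Security", "event_id": 4720,
     "user": "newhire"},
]


def classify(event):
    """Map an event to one of the three indicator categories, or None."""
    key = (event["source"], event["event_id"])
    if key == USER_CREATED:
        return "user"
    if key == TASK_CREATED:
        return "task"
    if (key == NET_CONNECT and event.get("dst_port") == 22
            and event.get("image", "").lower() not in ALLOWED_SSH_CLIENTS):
        return "ssh"  # outbound SSH from a process that is not a known client
    return None


def detect_backdoor_pattern(events, window=timedelta(minutes=15)):
    """Return one alert per host where user creation, task creation and an
    unexpected outbound SSH connection all fall within `window`."""
    by_host = {}
    for e in events:
        category = classify(e)
        if category:
            by_host.setdefault(e["host"], []).append(
                (datetime.fromisoformat(e["ts"]), category, e))

    alerts = []
    for host, items in by_host.items():
        items.sort(key=lambda item: item[0])
        for i, (start, _, _) in enumerate(items):
            seen = {}  # first event of each category inside the window
            for ts, category, ev in items[i:]:
                if ts - start > window:
                    break
                seen.setdefault(category, ev)
            if {"user", "task", "ssh"} <= seen.keys():
                alerts.append({
                    "host": host,
                    "new_user": seen["user"]["user"],
                    "task": seen["task"]["task"],
                    "ssh_image": seen["ssh"]["image"],
                    "ssh_dst": seen["ssh"]["dst_ip"],
                    "window_start": start.isoformat(),
                })
                break  # one alert per host is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_backdoor_pattern(SAMPLE_EVENTS):
        print(alert)
```

The allowlist is the weak point of this rule: an attacker who drops the backdoor next to a copy of the legitimate OpenSSH client path would evade it, so in production the image check should be backed by signer or hash checks, and the 4720 and 4698 events should be compared against change tickets rather than trusted as benign when they come from an administrator account.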
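A form grabber, keylogger, cookie stealer and arbitrary JavaScript executor cannot work without a characteristic set of Chrome extension permissions: content scripts matched on every site, the cookies permission, and broad host permissions combined with tabs or scripting. The following Python is an added triage example written for this page, not code from Talos or from MagnatExtension. It walks a directory laid out like Chrome's Extensions folder (id/version/manifest.json), reads each manifest (both Manifest V2 and V3 permission layouts) and reports which of those capabilities the declared permissions would allow. The mapping from permissions to capabilities is an analyst heuristic, and the sample manifests are constructed.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that grant access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def assess_manifest(manifest):
    """Return the list of data-theft capabilities the manifest's permissions would allow.
    The permission-to-capability mapping is a heuristic chosen for this example."""
    perms = set(manifest.get("permissions", []))
    # MV3 puts host patterns in host_permissions; MV2 mixes them into permissions.
    hosts = set(manifest.get("host_permissions", [])) | {
        p for p in perms if "://" in p or p == "<all_urls>"}
    broad_host = any(h in BROAD_HOSTS for h in hosts)
    cs_matches = [m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])]
    broad_cs = any(m in BROAD_HOSTS for m in cs_matches)

    caps = []
    if "cookies" in perms and broad_host:
        caps.append("cookie theft")
    if broad_cs:
        caps.append("form grabbing / keylogging")  # content script runs on every page
    if broad_host and (({"scripting", "tabs"} & perms) or broad_cs):
        caps.append("arbitrary JS injection")
    if broad_host and ({"webRequest", "webRequestBlocking"} & perms):
        caps.append("traffic interception")
    return caps


def scan_extensions(root):
    """Assess every manifest.json under `root` and return findings sorted by path."""
    findings = []
    for manifest_path in sorted(Path(root).rglob("manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip rather than crash the scan
        findings.append({
            "path": str(manifest_path),
            "name": manifest.get("name", "<unnamed>"),
            "capabilities": assess_manifest(manifest),
        })
    return findings


# Constructed sample tree mimicking <Extensions>/<id>/<version>/manifest.json.
SAMPLE_MANIFESTS = {
    "aaaabbbbccccddddeeeeffffgggghhhh/1.0_0": {
        "manifest_version": 3, "name": "Tab Counter",
        "permissions": ["tabs"], "host_permissions": []},
    "iiiijjjjkkkkllllmmmmnnnnoooopppp/2.3_0": {
        "manifest_version": 3, "name": "PDF Helper",
        "permissions": ["cookies", "scripting", "tabs", "webRequest", "storage"],
        "host_permissions": ["<all_urls>"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["cs.js"]}]},
    "qqqqrrrrssssttttuuuuvvvvwwwwxxxx/0.9_0": {
        "manifest_version": 2, "name": "Legacy Sync",
        "permissions": ["cookies", "*://*/*"]},
}


def build_sample_tree():
    """Write the constructed manifests to a temporary directory and return its path."""
    root = Path(tempfile.mkdtemp(prefix="ext_scan_"))
    for rel, manifest in SAMPLE_MANIFESTS.items():
        target = root / rel
        target.mkdir(parents=True)
        (target / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    for finding in scan_extensions(build_sample_tree()):
        print(finding["name"], "->", finding["capabilities"] or "no broad data-theft capability")
```

Broad permissions alone do not prove malice; a legitimate password manager legitimately needs most of the same set. The output is a triage list: extensions that score high and are not in the organisation's approved set, or whose version directory appeared without a matching Web Store install record, are the ones to pull for manual review. The real Chrome profile path to scan is %LOCALAPPDATA%\Google\Chrome\User Data\<profile>\Extensions.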
Conclusion
Magnat can deliver multiple payloads, and so poses a serious risk to businesses. Because attacks that rely on fake installers are highly effective, defending against them requires several layers of protection, including security awareness training, network filtering, and endpoint protection.