ANY.RUN Uncovers DeerStealer Malware Campaign Exploiting Fake Google Authenticator Websites
DUBAI, DUBAI, UNITED ARAB EMIRATES, July 31, 2024 /EINPresswire.com/ -- ANY.RUN, a trusted provider of cybersecurity solutions, has revealed a new malware distribution campaign. This campaign uses fake Google Authenticator websites to spread DeerStealer malware.
DeerStealer: A New Threat Disguised as Google Authenticator
DeerStealer, detected by ANY.RUN's expert team, is distributed through fraudulent websites designed to mimic official Google Authenticator websites. These deceptive sites trick users into downloading malware. When users click the Download button, their information is sent to a Telegram bot named Tuc-tuc before the malware is downloaded from GitHub.
In-Depth Analysis of DeerStealer
ANY.RUN's team conducted a comprehensive analysis of the DeerStealer malware. Key findings include:
• Fake site analysis: Attackers are using websites mimicking legitimate Google pages, tricking users into downloading the malware.
• Telegram bot logging: Before the download starts, the page reports visitor information, including IP addresses and countries, to a Telegram bot.
• Stealer on GitHub: The malware, hosted on GitHub, is written in Delphi and executes directly in memory, employing obfuscation techniques to avoid detection.
• C2 communication: The malware communicates with a C2 server, obfuscating the data it sends with a single-byte XOR. This is encoding rather than real encryption: with one key byte, the key can be recovered from the captured traffic alone, and any two messages XORed together cancel it out entirely.
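The weakness of the single-byte XOR noted above is easy to turn into a practical check. The following Python is an added example for this page, not ANY.RUN's tooling and not DeerStealer's real protocol: the beacon layout (key=value fields such as hwid and user), the crib "hwid=" and the key byte 0x5A are constructed for illustration. It shows how an analyst recovers the key from a captured C2 message using a short known-plaintext crib, why a printability score alone is not enough on a message this short, and how two messages under the same key leak each other.

```python
"""
Recovering a single-byte XOR key from captured C2 traffic.

Added illustration only. The beacon format, field names, crib and key
below are CONSTRUCTED and do not describe DeerStealer's actual protocol.
"""
from __future__ import annotations

import string

PRINTABLE = set(string.printable.encode())


def xor_single_byte(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte. The operation is its own inverse,
    so the same call both 'encrypts' and decrypts."""
    return bytes(b ^ key for b in data)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length buffers."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def score_plaintext(candidate: bytes) -> float:
    """Fraction of printable ASCII bytes. On a 50-byte beacon several keys
    can score 1.0 (a small XOR delta maps letters to other letters), so this
    is only a tie-breaker, never the sole decider."""
    if not candidate:
        return 0.0
    return sum(b in PRINTABLE for b in candidate) / len(candidate)


def candidate_keys(ciphertext: bytes, crib: bytes) -> list[int]:
    """Every key byte under which the known-plaintext crib appears. A crib
    of a few bytes (a field name, a JSON brace, a header) is what an analyst
    normally has after one sandbox run."""
    return [k for k in range(256) if crib in xor_single_byte(ciphertext, k)]


def recover_key(ciphertext: bytes, crib: bytes) -> int:
    """Brute-force all 256 keys, keep those matching the crib, and break
    any remaining tie by printability."""
    cands = candidate_keys(ciphertext, crib)
    if not cands:
        raise ValueError("crib not found under any single-byte key")
    return max(cands, key=lambda k: score_plaintext(xor_single_byte(ciphertext, k)))


# Constructed sample beacons (NOT real DeerStealer data); same key reused.
SAMPLE_KEY = 0x5A
SAMPLE_PLAINTEXT = b"hwid=ABCD-1234&user=victim&os=Windows 10&ver=1.0\n"
SAMPLE_CIPHERTEXT = xor_single_byte(SAMPLE_PLAINTEXT, SAMPLE_KEY)
SECOND_PLAINTEXT = b"hwid=ABCD-1234&user=admin2&os=Windows 11&ver=1.0\n"
SECOND_CIPHERTEXT = xor_single_byte(SECOND_PLAINTEXT, SAMPLE_KEY)


def decode_beacon(ciphertext: bytes, crib: bytes = b"hwid=") -> dict[str, str]:
    """Recover the key, decrypt, and parse the key=value exfil fields.
    The default crib assumes the (hypothetical) beacon starts with 'hwid='."""
    key = recover_key(ciphertext, crib)
    plain = xor_single_byte(ciphertext, key).decode("ascii", "replace").strip()
    return dict(field.split("=", 1) for field in plain.split("&"))


def key_cancels(c1: bytes, c2: bytes) -> bytes:
    """c1 XOR c2 == p1 XOR p2: the key byte drops out, so two captured
    messages leak their differences without any key recovery at all."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    print("crib candidates:", [hex(k) for k in candidate_keys(SAMPLE_CIPHERTEXT, b"hwid=")])
    print("recovered key: 0x%02x" % recover_key(SAMPLE_CIPHERTEXT, b"hwid="))
    print("decoded beacon:", decode_beacon(SAMPLE_CIPHERTEXT))
    print("key-free diff :", key_cancels(SAMPLE_CIPHERTEXT, SECOND_CIPHERTEXT))
```

In practice the crib comes from the sandbox run itself (a field name seen in memory, or the first bytes of a request that repeat across beacons); once the key byte is known, every later capture from the same sample decodes with one XOR, which is why a single-byte XOR adds no real protection to the exfiltrated data.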
Implications for Cybersecurity Professionals
Cybersecurity experts can use this analysis to study the behavior of the DeerStealer malware and collect Indicators of Compromise (IOCs) identified by ANY.RUN's experts.
For more information on the malware campaign, visit the ANY.RUN blog.
About ANY.RUN
ANY.RUN offers a comprehensive suite of cybersecurity products, including an interactive sandbox and a Threat Intelligence portal. Trusted by over 400,000 professionals globally, the sandbox provides an efficient and user-friendly platform for analyzing malware targeting both Windows and Linux systems. Additionally, ANY.RUN's Threat Intelligence services, comprising Lookup, Feeds, and YARA Search, enable users to gather critical information about threats and respond to incidents with enhanced speed and accuracy.
The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050
