Cryptocurrency Miner and Clipper Malware Distributed via SourceForge Cracked Software

By Admin, April 8, 2025, 4 Mins Read
Threat actors have been observed distributing malicious payloads such as a cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications such as Microsoft Office.

“One of these projects, officepackage, on the main website sourceforge.net, looks harmless enough, containing Microsoft Office add-ins copied from a legitimate GitHub project,” Kaspersky noted in a report published today. “The description and content of officepackage below were also taken from GitHub.”

While each project created on sourceforge.net is assigned a “.sourceforge.io” domain name, the Russian cybersecurity company found that the officepackage domain, officepackage.sourceforge(.)io, displays a long list of Microsoft Office applications and corresponding download links in Russian.

In addition, hovering over the download button reveals a seemingly legitimate URL in the browser’s status bar, “loading.sourceforge(.)io/download”, giving the impression that the download link belongs to SourceForge. However, clicking the link redirects to a completely different page hosted on Taplink that presents yet another download button.

When victims press that download button, they are served a 7 MB ZIP archive (“vinstaller.zip”) which, when opened, contains a second, password-protected archive (“installer.zip”) and a text file holding the password needed to open it.


The inner ZIP file contains an MSI installer that is responsible for creating several files: a console archiving utility called “UnRAR.exe”, a RAR archive, and a Visual Basic (VB) script.

“The VB script runs a PowerShell interpreter to download and execute the batch file, confvk, from GitHub,” Kaspersky said. “This file contains the password for the RAR archive. It also unpacks the malicious files and launches the next stage.”

The batch file is also designed to launch two PowerShell scripts, one of which sends system metadata using the Telegram API. The other downloads a further batch script that then acts on the RAR archive, eventually running the miner and the clipper malware (aka ClipBanker) payloads.

A Netcat binary (“ShellExperienceHost.exe”) is also dropped; it establishes an encrypted connection with a remote server. That’s not all. The confvk batch file has been found to create another file called “ErrorHandler.cmd”, which contains a PowerShell script programmed to retrieve and execute a text string via the Telegram API.
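As an added example (not code from the article or from Kaspersky), the following Python detector encodes the chain described above as process-event rules and runs them over constructed sample events; the event fields, paths and sample values are assumptions, and real EDR or Sysmon telemetry will differ in shape.

```python
import re
from typing import Iterable, List, Tuple

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumption: the legitimate ShellExperienceHost.exe lives under C:\Windows\SystemApps;
# the Netcat copy in the campaign is dropped elsewhere under the same name.
LEGIT_SEH_DIR = "c:\\windows\\systemapps\\"


def detect(events: Iterable[dict]) -> List[Tuple[str, int]]:
    """Return (rule_name, event_index) pairs for events matching the described chain."""
    hits = []
    for i, ev in enumerate(events):
        image = ev["image"].lower()
        name = image.rsplit("\\", 1)[-1]
        parent = ev.get("parent", "").lower().rsplit("\\", 1)[-1]
        cmd = ev.get("cmdline", "").lower()
        dest = ev.get("dest", "").lower()
        # 1. VB script host spawning PowerShell (the VB script -> PowerShell stage)
        if parent in SCRIPT_HOSTS and name == "powershell.exe":
            hits.append(("vbscript_spawns_powershell", i))
        # 2. PowerShell reaching the Telegram Bot API (metadata exfil / command fetch)
        if name == "powershell.exe" and dest.endswith("api.telegram.org"):
            hits.append(("powershell_to_telegram_api", i))
        # 3. A ShellExperienceHost.exe running outside its system location (Netcat masquerade)
        if name == "shellexperiencehost.exe" and not image.startswith(LEGIT_SEH_DIR):
            hits.append(("shellexperiencehost_masquerade", i))
        # 4. UnRAR launched by an installer/batch parent with an inline -p<password> switch
        if name == "unrar.exe" and parent in {"msiexec.exe", "cmd.exe"} and re.search(r"\s-p\S+", cmd):
            hits.append(("unrar_with_password_from_installer", i))
    return hits


# Constructed sample events (not real telemetry); index 5 is a benign control.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\wscript.exe", "parent": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"wscript.exe C:\Users\u\AppData\Local\Temp\run.vbs"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "parent": r"C:\Windows\System32\wscript.exe",
     "cmdline": "powershell -w hidden -c <download confvk>", "dest": "raw.githubusercontent.com"},
    {"image": r"C:\Users\u\AppData\Local\Temp\UnRAR.exe", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "unrar x -pREDACTED installer.rar"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "powershell -File meta.ps1", "dest": "api.telegram.org"},
    {"image": r"C:\Users\u\AppData\Roaming\ShellExperienceHost.exe", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "ShellExperienceHost.exe <remote host> 443"},
    {"image": r"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe",
     "parent": r"C:\Windows\System32\svchost.exe", "cmdline": "ShellExperienceHost.exe -ServerName:App"},
]

if __name__ == "__main__":
    for rule, idx in detect(SAMPLE_EVENTS):
        print(f"{rule}: event {idx} -> {SAMPLE_EVENTS[idx]['image']}")
```

Each rule alone is noisy on its own; in practice, correlate them on the same host within a short window so that the benign control (event 5) and one-off script-host activity do not page anyone.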

The fact that the website has a Russian-language interface indicates a focus on Russian-speaking users. Telemetry data shows that 90% of potential victims are in Russia, with 4,604 users encountering this scheme between early January and late March.

Using the IO pages (

“As users look for ways to download applications outside official sources, attackers offer their own,” Kaspersky said. “While the attack is primarily aimed at cryptocurrency by deploying a miner and ClipBanker, the attackers could sell system access to more dangerous actors.”

The disclosure comes as the company also revealed details of a campaign that distributes a malware loader called TookPS through fake websites impersonating the DeepSeek artificial intelligence (AI) chatbot, as well as remote desktop and 3D software.

These include websites such as deepseek-ai-soft(.)com, to which unsuspecting users are redirected through sponsored Google search results, per Malwarebytes.


TookPS is designed to download and execute PowerShell scripts that grant remote access to the infected host via SSH, and to drop a modified version of the TeviRat trojan. This underscores the actor’s attempts to gain full access to the victim’s computer in several different ways.

“The sample (…) uses DLL sideloading to modify and deploy the TeamViewer remote access software on infected devices,” Kaspersky said. “In simple terms, the attackers place a malicious library in the same folder as TeamViewer, which changes the software’s default behaviour, hiding it from the user and providing the attackers with hidden remote access.”

The development also follows the discovery of malicious Google ads for RVTools, a popular VMware utility, that deliver a fake version bundled with ThunderShell (aka SMOKEDHAM), a PowerShell-based remote access tool (RAT), underscoring how malvertising remains a persistent and evolving threat.

“ThunderShell, which is sometimes called SmokedHam, is a publicly available post-exploitation framework intended for red teaming and penetration testing,” the report noted. “It provides a command-and-control (C2) environment that allows operators to execute commands on compromised machines through a PowerShell-based agent.”
