MrAnon Stealer Attacking Windows Via Weaponized PDF Files

The malicious PDF downloads a .NET executable built with PowerGUI, which in turn runs a PowerShell script to retrieve the final malware. MrAnon Stealer harvests credentials, system data, browser sessions, and cryptocurrency wallet extensions.
According to FortiGuard Labs, this malware is a Python-based information stealer that has been compressed with cx-Freeze to avoid detection.
The majority of queries to the downloader URL came from Germany, indicating that the country was the attack's main target.
Queries for this URL rose sharply in November 2023, suggesting the campaign was most active during that month.
Researchers say the downloader link inside the malicious PDF is concealed in a stream object.
MrAnon Stealer's support channel offers more features, advertises the product, and has a page where users can buy all related tools.
Data and sensitive information are stolen from many applications, compressed, and uploaded to the threat actor's Telegram channel and a public file-sharing website.
As a result, users are cautioned to avoid opening suspicious PDF files and phishing emails.
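The concealed downloader link is the one detail above that a defender can check for mechanically. The following is an added example, not code from the gbhackers article or the FortiGuard report: a small Python triage script that inflates FlateDecode stream objects and reports any URL found inside them, run against a PDF constructed inline with a placeholder `.invalid` domain (the real downloader URL is not on the page).

```python
import re
import zlib

# A stream object: its dictionary (one level of nesting allowed), then the body
# between "stream" and "endstream". A triage heuristic, not a full PDF parser.
STREAM_RE = re.compile(
    rb"<<((?:[^<>]|<<[^<>]*>>)*)>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)
URL_RE = re.compile(rb"https?://[^\s<>()\"']+")


def extract_urls(pdf_bytes: bytes) -> list:
    """Return sorted (location, url) pairs found in a PDF.

    URLs in uncompressed bytes are reported as "plain". FlateDecode streams are
    inflated first, so a link hidden in a compressed stream object (the placement
    described in the article) is reported as "flate-stream".
    """
    hits = []
    for url in URL_RE.findall(pdf_bytes):
        hits.append(("plain", url.decode("latin-1")))
    for dictionary, body in STREAM_RE.findall(pdf_bytes):
        if b"/FlateDecode" not in dictionary:
            continue  # uncompressed bodies were already covered by the plain scan
        try:
            # decompressobj tolerates trailing bytes and truncated streams
            inflated = zlib.decompressobj().decompress(body)
        except zlib.error:
            continue  # not zlib data; a fuller tool would flag this as suspicious
        for url in URL_RE.findall(inflated):
            hits.append(("flate-stream", url.decode("latin-1")))
    return sorted(set(hits))


def build_sample_pdf(url: bytes) -> bytes:
    """Constructed test input, not a captured sample: a minimal PDF whose only
    mention of the URL sits inside a FlateDecode-compressed stream object."""
    compressed = zlib.compress(b"<< /S /URI /URI (" + url + b") >>")
    return (
        b"%PDF-1.7\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
        b"3 0 obj << /Length " + str(len(compressed)).encode()
        + b" /Filter /FlateDecode >>\nstream\n" + compressed
        + b"\nendstream\nendobj\ntrailer << /Root 1 0 R >>\n%%EOF\n"
    )


if __name__ == "__main__":
    # Placeholder domain; the campaign's real downloader URL is not on the page.
    sample = build_sample_pdf(b"http://downloader.example.invalid/stage1")
    for location, url in extract_urls(sample):
        print(f"{location}: {url}")
```

A plain string search over the file would miss the link entirely; only the inflated stream body reveals it.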


This Cyber News was published on gbhackers.com. Publication date: Mon, 11 Dec 2023 13:28:05 +0000

