MrAnon Stealer Attacking Windows Via Weaponized PDF Files

To obtain the final malware, the PowerShell script is executed by the PDF after it has downloaded a.NET executable file made with PowerGUI. Credentials, system data, browser sessions, and cryptocurrency extensions were all stolen by Mr. Alan Stealer.
According to FortiGuard Labs, this malware is a Python-based information stealer that has been compressed with cx-Freeze to avoid detection.
The majority of queries to the downloader URL came from Germany, indicating that the country was the attack's main target.
November 2023 had a notable increase in the number of inquiries for this URL, suggesting a more vigorous and active marketing during that month.
Researchers say a downloader link for the malicious PDF file is concealed in the stream object.
MrAnon Stealer's support channel offers more features, advertises the product, and has a page where users can buy all related tools.
Data and sensitive information are stolen from many applications, compressed, and uploaded to the threat actor's Telegram channel and a public file-sharing website.
As a result, users are cautioned to avoid opening suspicious PDF files and phishing emails.


This Cyber News was published on gbhackers.com. Publication date: Mon, 11 Dec 2023 13:28:05 +0000


Cyber News related to MrAnon Stealer Attacking Windows Via Weaponized PDF Files

MrAnon Stealer Propagates via Email with Fake Hotel Booking PDF - FortiGuard Labs cybersecurity experts have discovered a sophisticated email phishing scheme that uses fraudulent hotel reservations to target unsuspecting victims. The phishing campaign involves the deployment of an infected PDF file, which sets off ...
1 year ago Cysecurity.news
MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF - FortiGuard Labs recently identified an email phishing campaign using deceptive booking information to entice victims into clicking on a malicious PDF file. The PDF downloads a.NET executable file created with PowerGUI and then runs a PowerShell ...
1 year ago Feeds.fortinet.com
'Ov3r Stealer' Malware Spreads Through Facebook to Steal Crates of Info - The malware by design exfiltrates specific types of data such as geolocation, hardware info, passwords, cookies, credit card information, auto-fills, browser extensions, crypto wallets, Office documents, and antivirus product information, according ...
10 months ago Darkreading.com
MrAnon Stealer Attacking Windows Via Weaponized PDF Files - To obtain the final malware, the PowerShell script is executed by the PDF after it has downloaded a.NET executable file made with PowerGUI. Credentials, system data, browser sessions, and cryptocurrency extensions were all stolen by Mr. Alan Stealer. ...
1 year ago Gbhackers.com
Facebook ads push new Ov3r Stealer password-stealing malware - A new password-stealing malware named Ov3r Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. The fake job ads are for management positions and lead users to a Discord URL where a ...
10 months ago Bleepingcomputer.com
RedLine Stealer Malware Deployed Via ScrubCrypt Evasion Tool - A new version of the ScrubCrypt obfuscation tool is being used to target organizations with the RedLine Stealer malware, fraud sensor network Human Security has warned. Human's Satori Threat Intelligence Team said it has uncovered the new build of ...
1 year ago Infosecurity-magazine.com
Fake Browser Updates Targeting Mac Systems With Infostealer - A widely popular social engineering campaign previously only targeting Windows systems has expanded and is now using fake browser updates to distribute Atomic Stealer, a dangerous information stealer, to macOS systems. Experts say this could be the ...
1 year ago Darkreading.com
The age of weaponized LLMs is here - It's exactly what one researcher, Julian Hazell, was able to simulate, adding to a collection of studies that, altogether, signify a seismic shift in cyber threats: the era of weaponized LLMs is here. The research all adds up to one thing: LLMs are ...
1 year ago Venturebeat.com
Titan Stealer: A New Golang-Based Information Stealer Malware Emerges - A new Golang-based information stealer malware, dubbed Titan Stealer, is being advertised by threat actors through their Telegram channel. Uptycs security researchers Karthickkumar Kathiresan and Shilpesh Trivedi first documented the malware in ...
1 year ago Thehackernews.com
Deceptive Cracked Software Spreads Lumma Variant on YouTube - FortiGuard Labs recently discovered a threat group using YouTube channels to distribute a Lumma Stealer variant. These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and ...
11 months ago Feeds.fortinet.com
Serpent Stealer Acquire Browser Passwords and Erases Logs - Beneath the surface of the cyber realm, a silent menace emerges-crafted with the precision of the. NET framework, the Serpent Stealer slithers undetected through security measures, leaving traces of its intrusion. It can also steal sensitive data, ...
1 year ago Gbhackers.com
ESET Threat Report: ChatGPT Name Abuses, Lumma Stealer Malware Increases, Android SpinOk SDK Spyware's Prevalence - Cybersecurity company ESET released its H2 2023 threat report, and we're highlighting three particularly interesting topics in it: the abuse of the ChatGPT name by cybercriminals, the rise of the Lumma Stealer malware and the Android SpinOk SDK ...
1 year ago Techrepublic.com
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com
Sophisticated macOS Infostealers Get Past Apple's Built-In Detection - Increasingly sophisticated infostealers are targeting macOS with the capability to evade Apple's built-in malware protection, as attackers are becoming more savvy about how to crack static signature-detection engines like the platform's proprietary ...
11 months ago Darkreading.com
MacOS info-stealers quickly evolve to evade XProtect detection - Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently. A report by SentinelOne highlights the problem through three ...
11 months ago Bleepingcomputer.com
Windows SmartScreen flaw exploited to drop Phemedrone malware - A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability to bypass Windows security prompts when opening URL files. Phemedrone is a new open-source info-stealer malware that harvests data stored in ...
11 months ago Bleepingcomputer.com
Stealing Browser Passwords & Cookies - A new malicious campaign, Editbot Stealer, was discovered in which threat actors use WinRAR archive files with minimal detection to perform a multi-stage attack. The malicious WinRAR archive used by the threat actors consists of a.bat file and a JSON ...
1 year ago Cybersecuritynews.com
AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition - Rhadamanthys and Lumma, alongside other stealer malware families like Meduza, StealC, Vidar, and WhiteSnake, have also been found releasing updates in recent weeks to collect cookies from the Chrome web browser, effectively bypassing newly introduced ...
2 months ago Thehackernews.com
New Rhadamanthys stealer version enhances features, evasion - The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ ...
1 year ago Bleepingcomputer.com
Rhadamanthys Stealer malware evolves with more powerful features - The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. Rhadamanthys is a C++ ...
1 year ago Bleepingcomputer.com
Kimsuky Group Using Weaponized file Deploy AppleSeed Malware - Hackers use weaponized LNK files to exploit vulnerabilities in Windows operating systems. These files often contain malicious code that can be executed when the user clicks on the shortcut. These weaponized files allow threat actors to perform ...
11 months ago Cybersecuritynews.com
Beware Weaponized YouTube Channels Spreading Lumma Stealer - Attackers have been spreading a variant of the Lumma Stealer via YouTube channels that feature content related to cracking popular applications, eluding Web filters by using open source platforms like GitHub and MediaFire instead of proprietary ...
11 months ago Darkreading.com
Microsoft Edge to Use Adobe Acrobats PDF Rendering Technology - Microsoft and Adobe have joined forces to incorporate Adobe Acrobat's PDF rendering engine directly into the Edge browser, replacing the existing PDF engine. Starting in March 2023, new versions of Microsoft Edge for Windows 10 and Windows 11 will be ...
1 year ago Bleepingcomputer.com
CVE-2018-18689 - The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use ...
3 years ago
Global malspam targets hotels, spreading Redline and Vidar stealers - The latest global malspam campaign targets the hotel industry, emphasizing the need to stay alert against such attacks at all times. Cybersecurity researchers at Sophos X-Ops have issued a warning to the hospitality industry about a sophisticated ...
1 year ago Hackread.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)