Security researchers at Positive Technologies have uncovered a sophisticated malware campaign dubbed “Desert Dexter” that has compromised more than 900 victims worldwide since September 2024. The attack, discovered in February 2025, primarily targets countries in the Middle East and North Africa, with Egypt, Libya, UAE, Russia, Saudi Arabia, and Turkey being the most affected regions.

The threat actors behind Desert Dexter employ a social engineering strategy that leverages the region’s current geopolitical climate. They create fake news channels on social media platforms, particularly Facebook, masquerading as legitimate media outlets such as Libya Press, Sky News, and The Times of Israel. These channels publish advertisements containing links to malicious files hosted on legitimate file-sharing services or in Telegram channels. When victims click on these links, they download RAR archives containing malicious JavaScript or BAT scripts that initiate a complex infection chain. The complete kill chain of the attack shows how multiple scripting languages work together to establish persistence and execute the final payload.

Positive Technologies researchers noted that the malware deployed in these attacks is a sophisticated modification of AsyncRAT, customized to search for cryptocurrency wallets and establish communication with a Telegram bot. Researchers identified a suspected Desert Dexter member through screenshots inadvertently captured by the malware itself, indicating a possible Libyan origin.
The Desert Dexter attack chain employs multiple stages of obfuscation. The modified AsyncRAT includes a keylogger component and checks for cryptocurrency wallet extensions including Binance Wallet, Phantom, and Trust Wallet. The widespread impact demonstrates how effective social engineering tactics can be when combined with legitimate services and geopolitical lures.

Tushar is a cyber security content editor with a passion for creating captivating and informative content.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 07 Mar 2025 16:45:28 +0000