A sophisticated new malware campaign targeting the magic community has emerged. Dubbed “AbracadabraStealer,” this malware steals login credentials from magic forums, online shops, and streaming platforms where enthusiasts store payment information. Stolen data is used for fraudulent purchases, unauthorized access to exclusive content, and theft of proprietary magic tricks that later appear for sale on underground forums.

Kaspersky security researchers identified the threat after prominent magicians reported unauthorized account access across multiple platforms. Their analysis revealed the campaign has been active since early 2025 but remained undetected due to its highly targeted nature and sophisticated obfuscation techniques that allow it to bypass standard security solutions.

The attackers have crafted a particularly deceptive operation that exploits the trust and specialized interests of magic practitioners and hobbyists around the world. Victims are predominantly professional magicians, magic shop owners, and dedicated hobbyists active in online communities. The attackers appear to be specifically targeting individuals with premium accounts or those who have developed proprietary tricks that could have commercial value.

Threat actors distribute the malware through phishing emails promising exclusive magic trick tutorials or rare footage of legendary performances. These emails contain malicious PDF attachments or links to compromised websites that appear legitimate but actually host the malware payload. The attackers have demonstrated detailed knowledge of magic terminology and current trends, making their phishing attempts highly convincing to unsuspecting enthusiasts.

The malware deploys a JavaScript downloader containing heavily obfuscated code designed to evade detection by security solutions. The initial payload appears innocuous but contains encoded instructions for retrieving and executing the main malware components. This script identifies magic-related software and websites in the browser history before downloading a specialized credential stealer targeting magic community websites. The malware creates a persistent backdoor enabling attackers to harvest browser credentials, monitor keyboard inputs, and capture screenshots during login sessions. The malware maintains persistence through a modified registry key disguised as an Adobe update service, ensuring automatic restart with the system and long-term access to the victim’s credentials.

Tushar is a cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in cyber security, he is covering cyber security news, technology and other news.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 03 Apr 2025 11:45:30 +0000