Trend Micro published its analysis of CopperStealer, which delivers malware through several components such as a browser stealer, an adware browser extension, and a remote desktop tool. Tracking the group's latest activity, Trend Micro found a malicious browser extension that creates and steals API keys from infected machines when the victim is logged in to a major cryptocurrency exchange website. Because the keys are minted inside the victim's own authenticated session, they carry the account's trading and withdrawal rights, so the extension can place transactions and send cryptocurrency from the victim's wallet to attacker-controlled wallets.
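The behaviour above (T1176 Browser Extensions) leaves a hunting opportunity on the endpoint: an extension that can act inside an exchange session must declare host access to the exchange domain, or inject a content script there, and usually asks for cookie or request-interception permissions as well. The script below is an added example, not Trend Micro's code or a CopperStealer artifact; it parses Chrome/Chromium extension manifests (v2 and v3) and flags that combination. The exchange domain watchlist, the permission set, and the two sample manifests are constructed assumptions for the example.

```python
"""Hunt for browser extensions that can act inside a crypto-exchange session.

Added example, not code from the Trend Micro write-up or from the malware.
Flags extensions with host access or content scripts on exchange domains
(or <all_urls>) and, alongside that, permissions that expose session cookies
or let the extension intercept requests.
"""
import fnmatch
import json
import os
from typing import Dict, List

# Assumed watchlist: extend with the exchanges your users actually hold accounts on.
EXCHANGE_DOMAINS = ["coinbase.com", "binance.com", "kraken.com"]

# Assumed set of permissions that let an extension read session cookies,
# tamper with requests, or run code in arbitrary tabs.
SENSITIVE_PERMISSIONS = {"cookies", "webRequest", "webRequestBlocking",
                         "declarativeNetRequest", "scripting", "tabs", "clipboardRead"}


def _host_of(pattern: str) -> str:
    """'*://*.coinbase.com/*' -> '*.coinbase.com'; '<all_urls>' is returned as-is."""
    if pattern == "<all_urls>":
        return pattern
    rest = pattern.split("://", 1)[-1]
    return rest.split("/", 1)[0]


def matches_exchange(pattern: str) -> bool:
    """True if a Chrome match pattern covers any watchlisted exchange host."""
    host = _host_of(pattern)
    if host in ("<all_urls>", "*"):
        return True
    # Chrome's '*.example.com' also matches the bare domain, so test both forms.
    return any(fnmatch.fnmatch(d, host) or fnmatch.fnmatch("www." + d, host)
               for d in EXCHANGE_DOMAINS)


def assess_manifest(manifest: dict) -> List[str]:
    """Return human-readable findings for one manifest; empty list means nothing flagged."""
    findings: List[str] = []
    # MV2 mixes host patterns into "permissions"; MV3 splits them out into "host_permissions".
    declared = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
    hosts = [p for p in declared if "://" in p or p == "<all_urls>"]
    perms = {p for p in declared if p not in hosts}

    exchange_hosts = [h for h in hosts if matches_exchange(h)]
    if exchange_hosts:
        findings.append("host access to exchange domains: " + ", ".join(exchange_hosts))
    for script in manifest.get("content_scripts", []):
        hits = [m for m in script.get("matches", []) if matches_exchange(m)]
        if hits:
            findings.append("content script injected on exchange pages: " + ", ".join(hits))

    # Sensitive permissions only matter once the extension can reach an exchange page.
    sensitive = sorted(perms & SENSITIVE_PERMISSIONS)
    if findings and sensitive:
        findings.append("sensitive permissions alongside exchange access: " + ", ".join(sensitive))
    return findings


def scan_extensions_dir(root: str) -> Dict[str, List[str]]:
    """Walk a Chrome profile's Extensions tree (<id>/<version>/manifest.json) and report hits."""
    report: Dict[str, List[str]] = {}
    for dirpath, _, files in os.walk(root):
        if "manifest.json" not in files:
            continue
        try:
            with open(os.path.join(dirpath, "manifest.json"), encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue
        findings = assess_manifest(manifest)
        if findings:
            report[dirpath] = findings
    return report


# Constructed samples: a benign MV3 extension and one shaped like the behaviour in the write-up.
BENIGN_MANIFEST = {
    "manifest_version": 3, "name": "Reader Mode", "version": "1.0",
    "permissions": ["storage"], "host_permissions": ["https://example.org/*"],
}
SUSPICIOUS_MANIFEST = {
    "manifest_version": 2, "name": "Page Helper", "version": "3.2",
    "permissions": ["cookies", "webRequest", "webRequestBlocking", "*://*.coinbase.com/*"],
    "content_scripts": [{"matches": ["https://www.coinbase.com/*"],
                         "js": ["helper.js"], "run_at": "document_idle"}],
}

if __name__ == "__main__":
    for name, manifest in (("benign", BENIGN_MANIFEST), ("suspicious", SUSPICIOUS_MANIFEST)):
        print(name, "->", assess_manifest(manifest) or ["no findings"])
```

On a live Windows host, point `scan_extensions_dir` at `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions` (and the equivalent profile directories for Edge or Brave). A hit is a lead, not a verdict: legitimate portfolio trackers declare similar access, so confirm by reviewing the extension's scripts and, on the exchange side, by listing the account's API keys and revoking any the user did not create.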
MALWARE FAMILIES: TrojanSpy, Coinbase API
ATT&CK IDS: T1027 - Obfuscated Files or Information, T1098 - Account Manipulation, T1104 - Multi-Stage Channels, T1106 - Native API, T1176 - Browser Extensions, T1568 - Dynamic Resolution, T1573 - Encrypted Channel, T1111 - Two-Factor Authentication Interception
Read More: