Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs

In this campaign, suspected Russian threat actors use several highly obfuscated, still-under-development custom loaders to infect people working in the cryptocurrency industry with the Enigma stealer (detected as TrojanSpy.MSIL.ENGIMASTEALER.YXDBC), a modified version of the Stealerium information stealer.

MALWARE FAMILIES: Enigma Stealer, Stealerium

ATT&CK IDS: T1040 - Network Sniffing, T1053 - Scheduled Task/Job, T1056 - Input Capture, T1104 - Multi-Stage Channels, T1106 - Native API, T1112 - Modify Registry, T1124 - System Time Discovery, T1127 - Trusted Developer Utilities Proxy Execution, T1134 - Access Token Manipulation, T1140 - Deobfuscate/Decode Files or Information, T1218 - Signed Binary Proxy Execution, T1496 - Resource Hijacking, T1560 - Archive Collected Data, T1574 - Hijack Execution Flow
