InfoStealer Malware – A New Operation in The Wild [source: securityaffairs]
by CIRT Team
The Italia cyber security expert Marco Ramilli, founder of Yoroi, published an interesting analysis of a quite new InfoStealer Malware delivered by eMail to many International Companies.
I made this quick introduction because the following analysis would probably take the reader to think about specific attribution, but it won’t be so accurate, so please be prepared to have not such a clear conclusions.
Today I’d like to show an interesting analysis of a quite new InfoStealer Malware delivered by eMail to many International Companies. The analysis shows up interesting Code Reuse capabilities, apparently originated by Japanese Attackers reusing an English Speaker Attacker source code. Again I have not enough artifacts to give attributions but only few clues as follows. In the described analysis, the original sample was delivered by email@example.com (with high probability a compromised South Africa account) to one of my spamming email addresses.
For more, click here.