This nasty new trojan lifts login details from Chrome, Edge and Outlook


The threat intelligence team at Cisco Talos has discovered a new trojan campaign that can steal personal credentials from web browsers, Microsoft Outlook, and instant messaging apps. The attack method starts with a phishing email containing a malicious HTML file attachment.

“The actor employs a multi-modular approach that starts with the initial phishing email and carries through to the final payload,” Vanja Svajcer, an outreach researcher working for Cisco Talos, explained. “The adversaries behind this campaign likely do this to evade detection. But it can also be a weakness, as there are plenty of opportunities for defenders to break the kill chain.”

Attackers first send an email with a subject line claiming to relate to a specific business. It is accompanied by a RAR archive that uses the non-standard “r00” file extension (a naming scheme otherwise used for multi-volume RAR archives, and one that simple extension-based attachment filters may not treat as an archive). Inside that archive is a .chm file. CHM is Microsoft's Compiled HTML Help format, and in this case the file contains JavaScript code that starts the infection process.
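One place a defender can break the chain is at the mail gateway, before the CHM ever runs. The script below is an added example, not Cisco Talos' code or any vendor's product: it classifies attachments by their file header (magic bytes) rather than by name, so a RAR archive renamed to ".r00" or a CHM file is still recognised, and flags the two stages described above. The RAR and CHM header values are the real on-disk signatures; the attachment names, byte strings and the "block" policy are constructed for illustration.

```python
"""Triage e-mail attachments for a RAR(.r00) -> CHM delivery chain.

Added example (not Cisco Talos' code). Identifies container types from
their leading bytes so renamed archives are caught, then reports which
stage of the chain each attachment matches. Sample data is constructed.
"""
import re

RAR_MAGIC = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")  # RAR 4.x / RAR 5.x headers
CHM_MAGIC = b"ITSF"                                          # CHM (ITSS container) header

VOLUME_EXT = re.compile(r"\.r\d{2}$", re.IGNORECASE)   # .r00, .r01, ... volume naming
EXPECTED_KIND = {".rar": "rar", ".chm": "chm"}        # extensions with a known header


def sniff(data: bytes) -> str:
    """Return the real container type implied by the first bytes."""
    if data.startswith(RAR_MAGIC):
        return "rar"
    if data.startswith(CHM_MAGIC):
        return "chm"
    return "other"


def triage(filename: str, data: bytes) -> dict:
    """Verdict for one attachment: which chain stage (if any) it matches."""
    kind = sniff(data)
    lower = filename.lower()
    ext = "." + lower.rsplit(".", 1)[1] if "." in lower else ""
    reasons = []

    # Stage 1: a RAR archive delivered under a .rNN volume extension.
    if kind == "rar" and VOLUME_EXT.search(lower):
        reasons.append("rar archive delivered as .rNN volume")
    # Stage 2: a Compiled HTML Help file, which can carry script.
    if kind == "chm" or ext == ".chm":
        reasons.append("compiled HTML help file (script-capable)")
    # Name says one thing, header says another.
    if ext in EXPECTED_KIND and EXPECTED_KIND[ext] != kind:
        reasons.append(f"extension {ext} does not match header ({kind})")
    # Known container hidden behind an unrelated or missing extension.
    if kind != "other" and ext not in EXPECTED_KIND and not VOLUME_EXT.search(lower):
        reasons.append(f"{kind} header hidden behind extension {ext or '(none)'}")

    return {"file": filename, "kind": kind, "block": bool(reasons), "reasons": reasons}


def triage_message(attachments):
    """Triage every (name, bytes) attachment; block the mail if any stage hits."""
    verdicts = [triage(name, data) for name, data in attachments]
    return {"block": any(v["block"] for v in verdicts), "verdicts": verdicts}


# Constructed sample message: an .r00 RAR volume, a CHM file and a benign JPEG.
SAMPLE_ATTACHMENTS = [
    ("Invoice_2021.r00", RAR_MAGIC[0] + b"\x00" * 64),
    ("Invoice.chm", CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 64),
    ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 64),
]

if __name__ == "__main__":
    for verdict in triage_message(SAMPLE_ATTACHMENTS)["verdicts"]:
        print(verdict)
```

A plain ".rar" with a matching header is deliberately not flagged here, since the point is to catch the evasion rather than all archives; a gateway that already blocks archives outright can fold this check into that policy. Nested archives would need the RAR unpacked and each member run through `triage` again.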

We meet again

The type of trojan used in this campaign is known as “Masslogger” and it has been seen in the wild before. Masslogger was first released in April 2020 and sold on underground forums as a way of stealing credentials, mostly from browsers but also from email clients and messaging apps.

For this campaign, it seems that the threat actor or group involved had specific targets in mind, or at least a particular region they felt comfortable targeting, primarily eastern and southern Europe. Cisco Talos identified email messages targeting Latvia, Lithuania, Turkey, Bulgaria, Estonia, Romania, Hungary, Italy, and Spain, with some messages written in English.

To defend against this campaign, which relies on phishing rather than a software exploit, users and organisations should conduct regular and background memory scans, employ up-to-date web and email security solutions, and remain vigilant against suspicious-looking emails and unexpected attachments, particularly archives with unusual extensions.

Via The Register

Barclay Ballard
