This nasty new trojan lifts login details from Chrome, Edge and Outlook

(Image credit: Andriano.cz / Shutterstock)

The threat intelligence team at Cisco Talos has discovered a new trojan campaign that can steal personal credentials from web browsers, Microsoft Outlook, and instant messaging apps. The attack method starts with a phishing email containing a malicious HTML file attachment.

“The employs a multi-modular approach that starts with the initial phishing email and carries through to the final payload,” Vanja Svajcer, an outreach researcher woractor king for Cisco Talos, explained. “The adversaries behind this campaign likely do this to evade detection. But it can also be a weakness, as there are plenty of opportunities for defenders to break the killchain.”

Attackers first send an email with a subject line claiming to relate to a specific business. It will be accompanied by a RAR attachment that creates files with the “r00” RAR extension and subsequently the .chm extension. The CHM file is a compiled HTML format and, in this case, it contains JavaScript code that will start the infection process.

We've highlighted the best antivirus solutions around
Check out our roundup of the best ransomware protection tools out there
Keep your devices virus-free with the best malware removal software

We meet again

The type of trojan used in this campaign is known as “Masslogger” and it has been seen in the wild before. Masslogger was first released in April 2020 and sold on underground forums as a way of stealing credentials, mostly from browsers but also from email clients and messaging apps.

For this campaign, it seems that the threat actor or group involved had specific targets in mind or at least a particular region that they felt comfortable targeting – primarily eastern and southern Europe. Cisco Talos identified email messages targeting Latvia, Lithuania, Turkey, Bulgaria, Estonia, Romania, Hungary, Italy, and Spain, with some messaged written in English.

To block this exploit, individuals should conduct regular and background memory scans, employ up-to-date web and email security solutions and remain vigilant against suspicious-looking emails.

We've also put together a list of the best endpoint protection software

Via The Register

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services. After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.