New Multi-Stage Malware Loader “DoubleFinger” Delivers Cryptocurrency Stealer “GreetingGhoul” to Targets in Europe, the U.S., and Latin America

bunee 13 Jun 2023

New Multi-Stage Malware Loader Delivers Cryptocurrency Stealer GreetingGhoul

What’s Happening?

A new multi-stage malware loader called DoubleFinger has been discovered delivering a cryptocurrency stealer known as GreetingGhoul. This sophisticated attack targets users in Europe, the U.S., and Latin America. The first stage of DoubleFinger’s loader is executed when the victim opens a malicious PIF attachment in an email message.

How Does DoubleFinger Work?

DoubleFinger is a multi-stage loader that deploys on the target machine. Once the initial PIF attachment is opened by the victim, the loader’s first stage is executed. The first stage then downloads and executes another stage from a remote server. This process continues until all the stages are complete.

Each stage is encrypted and obfuscated, making it difficult to detect and analyze. Moreover, every stage has its own set of anti-analysis and anti-debugging techniques, making it harder for researchers to uncover the malware’s inner workings.

What is GreetingGhoul?

GreetingGhoul is a cryptocurrency stealer that is delivered by DoubleFinger. Once GreetingGhoul is installed on a victim’s machine, it steals cryptocurrency wallets and sends them to the attacker’s command-and-control server.

The malware also has the ability to take screenshots, steal browser cookies and passwords, and download and execute additional payloads.

Who are the Targets?

The targets of this attack are users in Europe, the U.S., and Latin America. The attackers are likely looking for victims who are active in cryptocurrency trading or storage.

Summary

A new multi-stage malware loader known as DoubleFinger has been discovered delivering the cryptocurrency stealer GreetingGhoul in a sophisticated attack that targets users in Europe, the U.S., and Latin America. The malware is delivered through a malicious email attachment and executes in multiple stages, each with its own set of anti-analysis and anti-debugging techniques. Once installed, GreetingGhoul steals cryptocurrency wallets and other sensitive information from victims.

Original Article: https://thehackernews.com/2023/06/beware-new-doublefinger-loader-targets.html




Leave a Reply

Your email address will not be published. Required fields are marked *

See Also...

“Unmasking a Cyber Crime Network: Lessons from the Ukraine Ransomware Bust”

“Unmasking a Cyber Crime Network: Lessons from the Ukraine Ransomware Bust”

Network of Cyber-Criminals Gets Grilled by Law Enforcers: Ransomware Ringleader and Accomplices Arrested in Ukraine ...

(▀̿Ĺ̯▀̿ ̿) Copyright , All Rights Reserved
Website courtesy of Lucid Perspective