New Multi-Stage Malware Loader Delivers Cryptocurrency Stealer GreetingGhoul
What’s Happening?
A new multi-stage malware loader called DoubleFinger has been discovered delivering a cryptocurrency stealer known as GreetingGhoul. This sophisticated attack targets users in Europe, the U.S., and Latin America. The first stage of DoubleFinger’s loader is executed when the victim opens a malicious PIF attachment in an email message.
How Does DoubleFinger Work?
DoubleFinger is a multi-stage loader that deploys on the target machine. Once the initial PIF attachment is opened by the victim, the loader’s first stage is executed. The first stage then downloads and executes another stage from a remote server. This process continues until all the stages are complete.
Each stage is encrypted and obfuscated, making it difficult to detect and analyze. Moreover, every stage has its own set of anti-analysis and anti-debugging techniques, making it harder for researchers to uncover the malware’s inner workings.
What is GreetingGhoul?
GreetingGhoul is a cryptocurrency stealer that is delivered by DoubleFinger. Once GreetingGhoul is installed on a victim’s machine, it steals cryptocurrency wallets and sends them to the attacker’s command-and-control server.
The malware also has the ability to take screenshots, steal browser cookies and passwords, and download and execute additional payloads.
Who are the Targets?
The targets of this attack are users in Europe, the U.S., and Latin America. The attackers are likely looking for victims who are active in cryptocurrency trading or storage.
Summary
A new multi-stage malware loader known as DoubleFinger has been discovered delivering the cryptocurrency stealer GreetingGhoul in a sophisticated attack that targets users in Europe, the U.S., and Latin America. The malware is delivered through a malicious email attachment and executes in multiple stages, each with its own set of anti-analysis and anti-debugging techniques. Once installed, GreetingGhoul steals cryptocurrency wallets and other sensitive information from victims.Original Article: https://thehackernews.com/2023/06/beware-new-doublefinger-loader-targets.html