- cross-posted to:
- cybersecurity@sh.itjust.works
- cross-posted to:
- cybersecurity@sh.itjust.works
The threat actors use a variety of distribution channels, including malvertising, spearphishing, and brand impersonation in online gaming, cryptocurrency, and software, to spread 50 malware payloads, including AMOS, Stealc, and Rhadamanthys.
Victims are lured into downloading malicious software by interacting with what they are tricked into believing are legitimate job opportunities or project collaborations.
On Windows, HijackLoader is used for delivering Stealc, a general-purpose lightweight info-stealer designed to collect data from browsers and crypto wallet apps, or Rhadamanthys, a more specialized stealer that targets a broad range of applications and data types.
When the target uses macOS, Marko Polo deploys Atomic (‘AMOS’). This stealer launched in mid-2023, rented to cybercriminals for $1,000/month, allowing them to snatch various data stored in web browsers.