#Cybersecurity#vulnerability#malware#security#software
  • Home
  • New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs

New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs

Author : ArmCoding
09-08-2023
Share
New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs

A new malware campaign has been observed making use of malicious OpenBullet configuration files to target inexperienced cyber criminals with the goal of delivering a remote access trojan (RAT) capable of stealing sensitive information.

OpenBullet is a legitimate open-source pen testing tool used for automating credential stuffing attacks. It takes in a configuration file that’s tailored to a specific website and can combine it with a password list procured through other means to log successful attempts.

“OpenBullet can be used with Puppeteer, which is a headless browser that can be used for automating web interactions,” the company said. “This makes it very easy to launch credential stuffing attacks without having to deal with browser windows popping up.”

This flexibility can also be a double-edged sword, as it opens up a new attack pathway, only it targets other criminal actors who are actively seeking such configuration files on hacking forums.

The campaign discovered by Kasada employs malicious configs shared on a Telegram channel to reach out to a GitHub repository to retrieve a Rust-based dropper called Ocean that’s designed to fetch the next-stage payload from the same repository.

The executable, a Python-based malware referred to as Patent, ultimately launches a remote access trojan that utilizes Telegram as a command-and-control (C2) mechanism and executes instructions to capture screenshots, list directory contents, terminate tasks, exfiltrate crypto wallet information, and steal passwords and cookies from Chromium-based web browsers.

Targeted browsers and crypto wallets include Brave, Google Chrome, Microsoft Edge, Opera, Opera GX, Opera Crypto, Yandex Browser, Atomic, Dash Core, Electron Cash, Electrum, Electrum-LTC, Ethereum Wallet, Exodus, Jaxx Liberty, Litecoin Wallet, and Mincoin.

“The distribution of the malicious OpenBullet configs within Telegram is a novel infection vector, likely targeting these criminal communities due to their frequent use of cryptocurrencies,” the researchers said.

 

Source: https://thehackernews.com/

#Cybersecurity#Hacker#malware#Network#security#software#vulnerability
CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw
CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw
  • 31-05-2024
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
  • 31-05-2024
BreachForums Returns Just Weeks After FBI Seizure – Honeypot or Blunder?
BreachForums Returns Just Weeks After FBI Seizure – Honeypot or Blunder?
  • 30-05-2024
Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud
Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud
  • 30-05-2024
WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites
WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites
  • 29-05-2024
TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
  • 29-05-2024
4th Zero-Day Exploit Discovered in May 2024
4th Zero-Day Exploit Discovered in May 2024
  • 27-05-2024
Beware: These Fake Antivirus Sites Spreading Android and Windows Malware
Beware: These Fake Antivirus Sites Spreading Android and Windows Malware
  • 27-05-2024
CISA Warns of Actively Exploited Apache Flink Security Vulnerability
CISA Warns of Actively Exploited Apache Flink Security Vulnerability
  • 24-05-2024