Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers
Briefly

Initially, attackers lure victims into clicking a crafted link to a URL file designed to download an LNK file. The LNK file then downloads an executable file containing an HTML Application script.
ACR Stealer, an evolved version of the GrMsk Stealer, hides its command-and-control (C2) with a dead drop resolver (DDR) technique on the Steam community website and siphons data from various applications.
Recent Lumma Stealer attacks have been observed using similar techniques, which make it easy to change domains and so make the infrastructure more resilient, as highlighted by AhnLab Security Intelligence Center (ASEC).
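A defender-side hunt for the Steam dead drop lookups described above, as an added example that is not code from the article or from ASEC. The log layout, the allowlisted client names, the trusted install directories and every sample row are assumptions constructed for illustration.

```python
import csv
import io
from urllib.parse import urlsplit

DDR_HOSTS = {"steamcommunity.com"}  # the dead drop host named in the article
# Assumptions for this sketch: which clients may reach that host, and where they live.
EXPECTED_CLIENTS = {"steam.exe", "steamwebhelper.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")

# Constructed telemetry (process image + requested URL); not real data.
SAMPLE_LOG = r"""ts,host,image,url
2024-01-01T09:12:03Z,WS-014,C:\Program Files (x86)\Steam\steam.exe,https://steamcommunity.com/profiles/0000000000000001
2024-01-01T09:14:40Z,WS-022,C:\Users\user1\AppData\Local\Temp\setup_example.exe,https://steamcommunity.com/profiles/0000000000000002
2024-01-01T09:15:10Z,WS-031,C:\Users\user2\AppData\Roaming\steam.exe,https://steamcommunity.com/profiles/0000000000000003
2024-01-01T09:16:55Z,WS-014,C:\Program Files\Google\Chrome\Application\chrome.exe,https://steamcommunity.com.example.net/profiles/1
"""


def is_ddr_host(url):
    """True only for the exact host or a subdomain, so look-alike domains do not match."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in DDR_HOSTS)


def is_expected_client(image):
    """Name must be allowlisted AND the binary must sit in a trusted install directory."""
    path = image.replace("/", "\\").lower()
    return path.rsplit("\\", 1)[-1] in EXPECTED_CLIENTS and path.startswith(TRUSTED_DIRS)


def find_suspect_lookups(log_text):
    """Return (ts, host, image) for each DDR-host request made by an unexpected process."""
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if is_ddr_host(row["url"]) and not is_expected_client(row["image"]):
            hits.append((row["ts"], row["host"], row["image"]))
    return hits


if __name__ == "__main__":
    for ts, host, image in find_suspect_lookups(SAMPLE_LOG):
        print(f"{ts} {host}: unexpected client of Steam community page: {image}")
```

Checking the install path as well as the file name catches a binary that merely calls itself `steam.exe`, which a name-only allowlist would let through.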
Read at The Hacker News