Researchers from the AhnLab Security Intelligence Center have noticed a rising trend in malware campaigns that use cracked software to distribute information stealers like ACR Stealer and Lumma. ACR Stealer, whose distribution has grown since January 2025, employs sophisticated techniques like dead drop resolvers to retrieve command-and-control server addresses. Additionally, another campaign has emerged that uses MSC files to plant Rhadamanthys malware via PowerShell scripts, exploiting known vulnerabilities like CVE-2024-43572. These developments illustrate the evolving tactics used by cybercriminals to compromise systems.
Cybersecurity experts are highlighting the rise of new malware campaigns utilizing cracked software versions to distribute information stealers like Lumma and ACR Stealer.
The AhnLab Security Intelligence Center's recent report underscores a significant increase in ACR Stealer distribution, pinpointing its use of the dead drop resolver technique to obtain command-and-control addresses.
Currently, attackers are leveraging MSC files masquerading as MS Word documents to deliver Rhadamanthys, which is executed through PowerShell scripts after specific vulnerabilities are exploited.
CVE-2024-43572, dubbed GrimResource, was first documented in June 2024 and subsequently patched by Microsoft; it illustrates the vulnerabilities that malicious actors are using.
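The MSC-to-PowerShell chain described above leaves a recognisable trace in endpoint process-creation telemetry, because .msc console files are opened by mmc.exe. The following detector is an added example, not code from the AhnLab report or any of the campaigns it describes: it runs over a handful of constructed process-creation events (field names and sample values are assumptions for this example) and flags an .msc file whose name mimics an Office or PDF document, an .msc launched from a user-writable drop location, and mmc.exe spawning PowerShell.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """One process-creation record (e.g. a Sysmon Event ID 1 or EDR equivalent).
    The field names are assumptions made for this example."""
    parent_image: str
    image: str
    command_line: str


# Constructed sample events for this example; they are not real telemetry.
SAMPLE_EVENTS = [
    ProcEvent("explorer.exe", "winword.exe", "winword.exe invoice.docx"),
    ProcEvent("explorer.exe", "mmc.exe", 'mmc.exe "C:\\Users\\u\\Downloads\\Quote.docx.msc"'),
    ProcEvent("mmc.exe", "powershell.exe", "powershell.exe -w hidden -ep bypass -enc QUFBQQ=="),
    ProcEvent("explorer.exe", "mmc.exe", "mmc.exe services.msc"),  # benign admin use
    ProcEvent("services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
]

# A document-looking double extension that actually ends in .msc (the MMC console extension).
DOUBLE_EXT = re.compile(r"\.(docx?|xlsx?|pptx?|pdf|txt)\.msc(\b|$)")
# An .msc console launched from a user-writable location instead of %SystemRoot%\System32.
USER_DIR = re.compile(r'\\(downloads|temp|appdata|desktop)\\[^"]*\.msc(\b|$)')
POWERSHELL = {"powershell.exe", "pwsh.exe"}


def _base(path: str) -> str:
    """Lower-cased file name of an image path, tolerating either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flag_event(ev: ProcEvent) -> list[str]:
    """Return the list of detection reasons that apply to one event (empty if none)."""
    reasons = []
    image, parent = _base(ev.image), _base(ev.parent_image)
    cmd = ev.command_line.lower()
    if image == "mmc.exe":
        if DOUBLE_EXT.search(cmd):
            reasons.append("msc_document_lookalike")
        if USER_DIR.search(cmd):
            reasons.append("msc_from_user_dir")
    # The chain in the report: the console host itself launching PowerShell.
    if parent == "mmc.exe" and image in POWERSHELL:
        reasons.append("mmc_spawns_powershell")
    return reasons


def scan(events: list[ProcEvent]) -> list[tuple[int, str]]:
    """Scan a sequence of events and return (event index, reason) pairs."""
    return [(i, r) for i, ev in enumerate(events) for r in flag_event(ev)]


if __name__ == "__main__":
    for idx, reason in scan(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[idx]
        print(f"[{reason}] {ev.parent_image} -> {ev.image}: {ev.command_line}")
```

The parent/child rule is the higher-confidence signal of the three; the lookalike-name and drop-location rules are there to catch the lure before the payload runs, and an environment that legitimately distributes custom consoles to users will want to tune those two.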