"In the hacking campaigns Proofpoint analyzed, cybercriminals attempted to trick users into downloading and installing Stealerium as an attachment or a web link, luring victims with typical bait like a fake payment or invoice. The emails targeted victims inside companies in the hospitality industry, as well as in education and finance, though Proofpoint notes that users outside of companies were also likely targeted but wouldn't be seen by its monitoring tools."
"Once it's installed, Stealerium is designed to steal a wide variety of data and send it to the hacker via services like Telegram, Discord, or the SMTP protocol in some variants of the spyware, all of which is relatively standard in infostealers. The researchers were more surprised to see the automated sextortion feature, which monitors browser URLs for a list of pornography-related terms such as "sex" and "porn,""
Phishing emails delivered Stealerium as attachments or web links, commonly using fake payments or invoices as bait. Targets included employees in hospitality, education, and finance, with non-corporate users also likely targeted. Once installed, the spyware steals diverse data and exfiltrates it via Telegram, Discord, or SMTP. The malware includes an automated sextortion module that monitors browser URLs for configurable pornography-related terms and triggers simultaneous image captures from the webcam and browser. No specific victims have been publicly identified, but the presence of the sextortion capability indicates it has likely been used.
Read at Ars Technica
Unable to calculate read time
Collection
[
|
...
]