COLDRIVER using new malware to steal from Western targets

The malware, LOSTKEYS, can steal files from hard-coded extensions and directories, according to Google.

Threat group COLDRIVER is using new malware to steal documents from Western targets, according to a May 7 report from Google Threat Intelligence. The malware, called LOSTKEYS, shows the evolution of the group from credential phishing to more sophisticated attacks.

According to the Google report, the new malware is installed through four steps. The process involves a “lure website” with a fake CAPTCHA, a PowerShell script downloaded to the user’s clipboard, some device evasion, and retrieval of the final payload. Lastly, the malware is installed.

LOSTKEYS is capable of stealing files from extensions and directories. It can also send system information and running processes back to COLDRIVER. The address from which the parts of the attack come is “165.227.148[.]68” according to Google.

COLDRIVER using new malware to steal from Western targets — Google

Polish crypto firms struggle with uncertainty amid discussions on delayed law

$45 million stolen from Coinbase users in the last week — ZackXBT

$45 million stolen from Coinbase users in the last week — ZackXBT

Latest News

Sandeep Nailwal’s Polygon takeover is his chance to ‘go all in’

ZisK spins off from Polygon with ‘core minds behind Polygon zkEVM’

Healthcare company onboards Trump crypto adviser, buys $20M BTC

Price predictions 6/18: BTC, ETH, XRP, BNB, SOL, DOGE, ADA, HYPE, SUI, BCH

Food fraud costs $50B yearly — Can blockchain stop it?

Bitcoin eyes $105K pre-FOMC as Trump reveals Iran asked for dialogue

The empire strikes out: Institutionalists failed to kill the stablecoin bill

Pi Network migration problems: Users report KYC, 2FA and balance errors

Bitcoin’s invisible tug-of-war between suits and cypherpunks

Senate passes GENIUS stablecoin bill amid concerns over systemic risk

CMC Coin

News

Recent Posts

Office

Stay Connected