Watch out for MrAnon Stealer

Writer:
Regina El Ahmadieh

A #phishing_campaign has been observed delivering an information-stealing malware called MrAnon Stealer via a PDF client.

Fortinet FortiGuard Labs researcher Kara Lin said, “This #malware is an information-stealing program based on the Python language, and is compressed using cx-Freeze to avoid detection while stealing its victims’ #credentials, system information, browser sessions, and cryptocurrency extensions.”

There is evidence to suggest that Germany is the main target of the attack as of November 2023, due to the number of times the download URL hosting the payload has been queried.

The phishing email, disguised as a message from a company looking to book hotel rooms, carries a PDF file which, when opened, activates the infection by asking the recipient to download an updated version of Adobe Flash, which disables .NET executables and PowerShell scripts to run a malicious Python script that collects #data from multiple #applications and transfers it to a public file-sharing website and the threat actor’s Telegram channel. It is also able to capture information from instant messaging applications, VPN clients, and files matching the list of required extensions.

Hackers offer MrAnon Stealer for $500 per month (or $750 for two months), along with an encryption software ($250 per month) and a hidden loader ($250 per month).

According to the Fortinet FortiGuard Labs researcher: “The campaign initially deployed Cstealer in July and August, but transitioned to distributing MrAnon Stealer in October and November. This pattern suggests a strategic approach that includes the continued use of phishing emails to deploy a variety of Python-based theft tools.”

The revelation comes as China-linked Mustang Panda is behind a spear-phishing email campaign targeting the Taiwanese government and diplomats with the aim of spreading SmugX, a new variant of the PlugX backdoor that was previously discovered by Check Point in July 2023.

Source: The Hacker News

Edited by: CyberX

 

 
