Discover and read the best of Twitter Threads about #infostealer
Most recents (2)
While #infostealer detections trended downwards in 2022, decreasing by 10% in #ESET telemetry, #banking malware doubled in numbers YoY. #ESETresearch 1/4 
This phenomenon was caused by the prevalence of the web skimmer JS/Spy.Banker, also known as #Magecart. Throughout the year, it consistently accounted for about three-fourths of banking malware detections. It was also the third most detected infostealer overall in T3 2022. 2/4
Despite its prevalence, Magecart wasn’t the only banking malware to stand out this time: LATAM banking trojans had a strong end of the year; the detections of #Grandoreiro, #Casbaneiro, #Mekotio, and several others spiked significantly in T3. 3/4
#apt37 #goldbackdoor #loader active #C2
- SHA256: bd4ef6fae7f29def8e5894bf05057653248f009422de85c1e425d04a0b2df258
- C2: hxxps://dallynk.com/wp-sup3
- Encoded Child SHA256: a81b38cda1ad1a1ed2cfc9647e678831fe77500da8ce095667ca5a7d93f8e732
- SHA256: bd4ef6fae7f29def8e5894bf05057653248f009422de85c1e425d04a0b2df258
- C2: hxxps://dallynk.com/wp-sup3
- Encoded Child SHA256: a81b38cda1ad1a1ed2cfc9647e678831fe77500da8ce095667ca5a7d93f8e732
- Child Endpoints (possibly google api key): hxxps://dallynk.com/4332.hwp, hxxp://asplinc.com/xe/modules/page/queries/query_read.dsql, hxxp://www.bsef.or.kr/board/upfile/bbsB/166737125620120323174332.hwp
- Endpoints appear to be compromised.
- Endpoints appear to be compromised.
- All 3 endpoints download same SHA256: 5b1536c4ca22bc202543afea51279c78fa6033b393e86f2b97750ddfd4d8b263
- Decoded Child contains embedded 3 encoded (simple xor) modules, #shellcode loader/#infostealer/#keylogger
- Decoded Child contains embedded 3 encoded (simple xor) modules, #shellcode loader/#infostealer/#keylogger
