THREAT LEVEL - HIGH

10-07-2023

Credential/Info Stealing Malware Families are targeting Cypriot Citizens

Threat Level Description 

Threat Level: High – An attack is highly likely. Additional and sustainable protective security measures are required, reflecting the broad nature of the threat combined with specific business and geographical vulnerabilities and judgements on acceptable risk.


Description 

There are various indications that active malware campaigns targeting Cypriot citizens and organizations are on the rise.

More specifically, these campaigns use credential/information-stealing malware, and the passwords of users associated with a number of Government portals and financial institutions have been leaked on the DarkNet.

Two malware families seem to be more actively leveraged in these campaigns:

  • Raccoon Stealer is a malware that gathers personal information, including passwords, browser cookies and autofill data, as well as crypto wallet details. Additionally, Raccoon Stealer records system information such as IP addresses and geo-location data.
  • RedLine Stealer, first seen around March 2020, is a powerful data collection tool capable of extracting login credentials from a wide range of sources, including web browsers, FTP clients, email apps, Steam, instant messaging clients, and VPNs.

The leaked credentials are distributed on several DarkNet forums and, when accessed and used, can disclose sensitive information about the unaware users, such as financial status, tax information, personal information and more.


CVE(s)

N/A


Affected Systems 

  • Microsoft Windows


Recommendation(s) 

  • Users should apply all security patches to their operating systems and the software they use.
  • Users should install antivirus protection on their systems and scan them periodically.
  • Vendors should provide and enforce an MFA feature on portals that hold sensitive/personal information.
  • Users should enable MFA on portals that provide this functionality.
  • Vendors should force users to change their passwords periodically, following best practices for passwords.
  • Users should change their passwords periodically.
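The vendor-side recommendations above (reject credentials already known to have leaked, enforce periodic password rotation, and require MFA before issuing a session) can be combined into a single server-side login policy check. The following is an added example written for this advisory, not code from IthacaLabs or from any portal; the function names, the 90-day rotation threshold, the PBKDF2 parameters and the small blocklist of leaked-password hashes are all assumptions constructed for illustration.

```python
"""Server-side credential-hygiene checks for a portal login (added example).

The stored password is verified with a salted PBKDF2 hash; the plaintext is
only ever SHA-1 hashed transiently, at login time, to look it up in a
leaked-credential blocklist (the same scheme breach-check services use).
Every failing control is reported so the user receives the full remediation
list in one step. All names and thresholds here are assumptions.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional

MAX_PASSWORD_AGE = timedelta(days=90)   # assumed rotation policy
PBKDF2_ROUNDS = 200_000                 # assumed work factor

# Constructed blocklist: SHA-1 digests of passwords seen in a leaked dump.
# A real deployment would load these from a breach feed rather than inline.
LEAKED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("Password123", "cyprus2023", "qwerty")
}


@dataclass
class Account:
    username: str
    salt: bytes
    password_hash: bytes          # PBKDF2-HMAC-SHA256 of the password
    password_set_at: datetime     # timezone-aware
    mfa_enrolled: bool


@dataclass
class Decision:
    allow: bool
    actions: List[str] = field(default_factory=list)


def hash_password(password: str, salt: Optional[bytes] = None):
    """Return (salt, derived_key) for storing a password at rest."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, key


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison against the stored derived key."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, stored)


def is_leaked(password: str) -> bool:
    """Transient SHA-1 lookup against the leaked-credential blocklist."""
    return hashlib.sha1(password.encode()).hexdigest().upper() in LEAKED_SHA1


def make_account(username: str, password: str, age_days: int,
                 mfa_enrolled: bool) -> Account:
    """Helper to build a sample account whose password was set age_days ago."""
    salt, key = hash_password(password)
    set_at = datetime.now(timezone.utc) - timedelta(days=age_days)
    return Account(username, salt, key, set_at, mfa_enrolled)


def evaluate_login(account: Account, password: str, mfa_code_ok: bool,
                   now: Optional[datetime] = None) -> Decision:
    """Apply the policy: correct password, not leaked, not expired, MFA passed."""
    now = now or datetime.now(timezone.utc)
    if not verify_password(password, account.salt, account.password_hash):
        # Wrong password: report nothing else, so the response does not leak
        # policy state to someone who does not hold the credential.
        return Decision(allow=False, actions=["invalid_credentials"])

    decision = Decision(allow=True)
    if is_leaked(password):
        decision.allow = False
        decision.actions.append("force_reset_leaked")
    if now - account.password_set_at > MAX_PASSWORD_AGE:
        decision.allow = False
        decision.actions.append("force_reset_expired")
    if not account.mfa_enrolled:
        decision.allow = False
        decision.actions.append("require_mfa_enrollment")
    elif not mfa_code_ok:
        decision.allow = False
        decision.actions.append("mfa_failed")
    return decision


if __name__ == "__main__":
    weak = make_account("alice", "Password123", age_days=120, mfa_enrolled=False)
    print(evaluate_login(weak, "Password123", mfa_code_ok=False))
    good = make_account("bob", "correct horse battery staple", 10, True)
    print(evaluate_login(good, "correct horse battery staple", mfa_code_ok=True))
```

The check order matters: a wrong password short-circuits with a single generic action, so an attacker replaying a leaked password that has since been changed learns nothing about the account's MFA or rotation state. Only a caller who presents the valid credential receives the remediation list.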


References

IthacaLabs Incident Response and Threat Intelligence Services
