A new malware strain capable of stealing user credentials from Google, Facebook, Amazon, Apple and other online services has just be found.
The name of this vicious malware, CopperStealer, was given by a group of researchers at Proofpoint, a cybersecurity firm.
The firm has said that CopperStealer seems to be distributed through fake software crack sites. Proofpoint confirmed that it targets users of major service providers, including Google, Facebook, Amazon, and Apple”. CopperStealer contains a download feature that allows its operators to deliver additional malicious payloads to infected devices.
During its investigation, Proofpoint noticed that the malware uses many of the same targeting and delivery methods as the Chinese-sourced malware family, “SilentFade”.
“SilentFade”, which Facebook first reported in 2019, was responsible for over $4m in damages. For this reason, Proofpoint believes that CooperStealer is a previously undocumented family within the same class of malware as SilentFade, StressPaint, FacebookRobot and Scranos.
During its analysis, Proofpoint confirmed that the malware targets business and advertiser accounts on Facebook and Instagram. The firm also identified additional versions of the malware which targets Bing, PayPal, Tumblr and Twitter.
Proofpoint worked with researchers at Facebook, Cloudflare and other services to coordinate disruptive action. For instance, Cloudflare placed a warning interstitial page in front of the malicious domains and created a sinkhole for two of the sites before they could be registered by the threat actor.
A sinkhole is a method used to limit an attacker’s ability to collect data on victims while also enabling researchers to gain visibility into victim demographics. During the sinkhole’s first 24 hours of operation, it logged 69,992 HTTP requests from 5,046 unique IPs originating from 159 different countries with the top five countries based on unique infections being India, Indonesia, Brazil, Pakistan and The Philippines.
Prevention they say is better. So as not to fall victim to CooperStealer, avoid visit sites like KeyGen and crack sites to pirate software. The reason is, the CooperStealer malware itself is distributed on suspicious websites advertised as KeyGen and crack sites such as keygenninja[.]com, piratewares[.]com, startcrack[.]com, and crackheap[.]net.
Account stealing malware like this one is providing the scammers with the necessary tools for creating impersonation attacks and identity theft fraud.
1 Comment
Pingback: "Camera Quality" or "Storage Space" — How Do You Choose the Perfect Smartphone for You? - Innovation Village | Technology, Product Reviews, Business