Fake software cracks used as a vector for spreading the CopperStealer malware

June 30, 2022

An updated version of the CopperStealer malware has been distributed by several websites that host fake cracks for applications and software. According to reports, attackers use these fake cracks to deliver malware to the people who download them.

In the recent campaign, the attackers took advantage of the demand for cracked apps and software by offering fake cracks that contain malware. The infection starts at a website or a channel, such as one on Telegram, that offers fake cracks for in-demand apps to download and install.

The downloaded archive contains two items: a text file with a password and an encrypted archive. Entering the provided password decrypts the inner archive and reveals the executable file.
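A triage check for the archive layout described above, as an added example that is not from the original article or the researchers it cites. It assumes both the outer and inner archives are ZIP files (the article does not name the format); the file names, the 4 KiB note threshold and the harmless sample built by `build_sample` are constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1          # bit 0 of the ZIP general-purpose flags: member is encrypted
MAX_MEMBER = 64 << 20    # skip members larger than 64 MiB instead of unpacking them


def build_sample(encrypted: bool = True) -> bytes:
    """Constructed, harmless sample: password.txt next to an inner ZIP."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("setup.exe", b"placeholder bytes, not a program")
    data = bytearray(inner.getvalue())
    if encrypted:
        # zipfile cannot write encrypted members, so only the flag bit is set here:
        # local header flags are at offset 6, central directory flags at offset 8.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.index(sig) + off
            flags = struct.unpack_from("<H", data, pos)[0]
            struct.pack_into("<H", data, pos, flags | ENCRYPTED)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("password.txt", "Password: 1234")
        z.writestr("installer.zip", bytes(data))
    return outer.getvalue()


def triage(archive: bytes) -> dict:
    """Flag a ZIP that pairs a small text note with an encrypted archive."""
    notes, locked = [], []
    with zipfile.ZipFile(io.BytesIO(archive)) as outer:
        for info in outer.infolist():
            if info.flag_bits & ENCRYPTED:        # member itself is encrypted
                locked.append(info.filename)
            elif info.file_size > MAX_MEMBER:
                continue
            elif info.filename.lower().endswith(".txt") and info.file_size < 4096:
                notes.append(info.filename)
            else:
                blob = io.BytesIO(outer.read(info))
                if zipfile.is_zipfile(blob):
                    with zipfile.ZipFile(blob) as inner:
                        if any(m.flag_bits & ENCRYPTED for m in inner.infolist()):
                            locked.append(info.filename)
    return {"notes": notes, "encrypted": locked, "suspicious": bool(notes and locked)}


if __name__ == "__main__":
    print(triage(build_sample()))
```

The pairing is a triage signal rather than a verdict, since legitimate senders also ship a password note beside an encrypted archive. Inner archives in other formats such as 7z or RAR need their own parsers.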

Two payloads are deployed in this campaign: the Vidar stealer and CopperStealer. The campaign can cause financial loss, identity theft, system infection, and severe privacy problems for its victims.

Researchers noted that the primary function of CopperStealer is to steal troves of data such as usernames, passwords, other login information, and internet cookies saved in browsers.

The payload prioritises login information for Instagram and Facebook accounts with a business focus. Other strains of CopperStealer also steal login information for additional services or platforms such as Twitter, Tumblr, Amazon, Apple, and Bing.

Chrome, MS Edge, Firefox, Opera, and Yandex are among the browsers the malware attacks most often when stealing Facebook information.

On the other hand, pirated software and targeted phishing attacks are the primary means of spreading this malware. The Vidar stealer can steal various details such as files, usernames, passwords, and credit cards. However, the ability that sets it apart from CopperStealer is that it can take screenshots of the targeted desktop.

Threat actors can use data stealers like those mentioned above to steal critical information for malicious purposes. Users should therefore avoid downloading cracks from third-party websites and should enable security detection and prevention solutions to protect their systems from such attacks.
