
Masslogger Trojan: Google Chrome & Microsoft Edge Can Steal Your Credentials

Google Chrome and Microsoft Edge users need to be aware of a phishing scam that tries to spread the Masslogger Trojan. This trojan was first released the previous year and is designed solely to steal sensitive login credentials from various popular apps.

The login credentials (usernames and passwords) extracted by the Masslogger Trojan can then be put up on dark web markets and hacking forums by the attackers in a bid to earn quick money. This is especially concerning if you reuse the same email address and password combination across several online accounts, because the stolen credentials can simply be copied and pasted into other websites. Whoever gets into those accounts gains access to sensitive information such as social media logins, takeaway and banking profiles, and online shopping data.

Security researchers from Cisco Talos spotted the latest email phishing campaign, which is designed from the ground up to spread this malicious software. They outlined the threat in a blog post, explaining in detail that the attack begins when the target receives an innocuous-looking email.

The subject line resembles a business inquiry, such as “Domestic Customer Inquiry”, and the email carries a bogus message. The message body looks like a legitimate business enquiry, and some emails also bear a footer saying that the message has been scanned for security purposes. This is just an attempt to add an extra touch of authenticity.

Image: masslogger-trojan-function (credit: Hacker News)

The innocuous-looking email is enough to lead the target to click on a file attached to the message. This is where the danger lies: the attachment carries a malicious HTML file that runs JavaScript and kick-starts the Masslogger Trojan infection process.

The malware’s current version is best known for stealing user credentials from a diverse range of popular programmes. The applications highlighted include Microsoft Outlook, NordVPN and Discord, as well as Chromium-powered browsers such as Google Chrome and Microsoft Edge.

Explaining what happens when your login credentials are stolen, Cisco Talos said: “Once the credentials from targeted applications are retrieved, they are uploaded to the exfiltration server with a filename containing the username, two-letter country ID, unique machine ID and the timestamp for when the file was created.”

“Uploaded credential files begin with the information about the user and the infected system, configuration options and processes running, followed by the retrieved credentials delimited by lines containing targeted application names.”
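The filename scheme Cisco Talos describes can be turned into a hunting heuristic over upload logs. The following is an added example, not code from this article or from Cisco Talos; the field separators, the machine-ID shape, the date layout, the upload records and the user list are all assumptions or constructed values.

```python
import re

# Assumptions (not given by the article): fields are separated by
# non-alphanumeric characters, the machine ID is 8+ hex characters with at
# least one digit, and the timestamp contains a YYYYMMDD-style date.
COUNTRY = re.compile(r"^[A-Z]{2}$")
MACHINE_ID = re.compile(r"^(?=.*\d)[0-9A-Fa-f]{8,}$")
DATE = re.compile(
    r"(?:19|20)\d{2}[-_.]?(?:0[1-9]|1[0-2])[-_.]?(?:0[1-9]|[12]\d|3[01])")

def matches_naming_pattern(filename, known_users):
    """Return the four described fields if the name carries all of them, else None."""
    stem = filename.rsplit("/", 1)[-1].rsplit(".", 1)[0]
    user = next((u for u in known_users if u.lower() in stem.lower()), None)
    if user is None:
        return None
    # Cut the username out so it cannot be mistaken for another field.
    idx = stem.lower().index(user.lower())
    rest = stem[:idx] + " " + stem[idx + len(user):]
    date = DATE.search(rest)
    if date is None:
        return None
    # Cut the date out too: an all-digit date would also look like a hex ID.
    rest = rest[:date.start()] + " " + rest[date.end():]
    tokens = re.split(r"[^0-9A-Za-z]+", rest)
    country = next((t for t in tokens if COUNTRY.match(t)), None)
    machine = next((t for t in tokens if MACHINE_ID.match(t)), None)
    if country and machine:
        return {"user": user, "country": country,
                "machine_id": machine, "date": date.group()}
    return None

# Constructed sample data: (source host, uploaded filename) records.
SAMPLE_UPLOADS = [
    ("ws-014", "jdoe_US_9F3A1C7E2B40_2021-02-18.txt"),
    ("ws-014", "Q1_sales_report_2021-02-18.xlsx"),
    ("ws-022", "asmith-DE-04BD77A1C3E9-20210219103205.txt"),
    ("ws-031", "backup_2021-02-19.zip"),
]
KNOWN_USERS = {"jdoe", "asmith", "mlee"}  # constructed account names

def hunt(uploads, known_users):
    """Return (host, filename, fields) for every upload matching the pattern."""
    hits = []
    for host, name in uploads:
        fields = matches_naming_pattern(name, known_users)
        if fields:
            hits.append((host, name, fields))
    return hits
```

A hit is only a lead: confirm it against the destination of the upload and the process that made it before treating the host as infected.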

The threat actors have been creating phishing campaigns in which the emails are sent in various languages depending on the location of the target. Some of the emails are also sent in English, underlining how the campaign could spread to other regions. The simplest way to stay safe is to be on guard against suspicious-looking emails from unfamiliar addresses.

Source: MSN



DEMARCO BERRY
Demarco Berry is a senior writer for Dark Web Link, covering security, privacy, information freedom, and hacker culture. Before coming to Dark Web Link, he worked as a senior writer for The New York magazine. Demarco has received his bachelor’s degree from Haverford College and a master’s degree from New York University’s business and economic reporting program.
