Google Chrome and Microsoft Edge users need to be aware of a phishing scam that tries to spread the Masslogger Trojan. This trojan first appeared last year and was designed solely to steal login credentials from a range of popular applications.
The login credentials (usernames and passwords) extracted by the Masslogger Trojan can then be put up for sale on dark web markets and hacking forums, the attackers' way of earning quick money from the theft. If you reuse the same email address and password combination across several online accounts, this is especially concerning: those credentials can be tried against many other websites, and whoever gets in will have access to sensitive information such as social media logins, takeaway orders, banking profiles and online shopping data.
Security researchers from Cisco Talos spotted the latest email phishing scam, which is designed from the ground up to spread this malware further. The threat was outlined in a blog post in which the researchers explained that the attack begins when the target receives an innocuous-looking email.
The email subject resembles a business inquiry, for example “Domestic Customer Inquiry”, and the message body reads like a legitimate business enquiry. Some of the emails also carry a footer claiming the message has been scanned for security purposes, an attempt to give the lure an extra touch of authenticity.
The malware’s current version is best known for stealing user credentials from a diverse range of popular programmes. The applications highlighted are Google Chrome and Chromium-based browsers such as Microsoft Edge, along with Microsoft Outlook, NordVPN and Discord.
Explaining what happens when your login credentials are stolen, Cisco Talos said: “Once the credentials from targeted applications are retrieved, they are uploaded to the exfiltration server with a filename containing the username, two-letter country ID, unique machine ID and the timestamp for when the file was created.”
“Uploaded credential files begin with the information about the user and the infected system, configuration options and processes running, followed by the retrieved credentials delimited by lines containing targeted application names.”
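For an incident responder who recovers one of these uploads (from a mail gateway, proxy log or the exfiltration server itself), the description above is enough to triage it: split the filename into its fields and walk the credential sections to learn which accounts need rotating. The script below is an added example, not Cisco Talos's or the malware's code; the sample upload, the underscore-separated filename layout and the "=== App ===" section delimiter are constructed assumptions, since the article does not give the exact format.

```python
import re

# Constructed sample in the layout the Talos description gives: a header with
# user/system info, config and running processes, then credential sections
# delimited by lines naming the targeted application. Field names, separators
# and the "=== App ===" delimiter are assumptions for this example only.
SAMPLE_UPLOAD_NAME = "jdoe_US_MACHINEID-0001_20210211-143000.txt"
SAMPLE_UPLOAD_BODY = """User: jdoe
Machine: DESKTOP-EXAMPLE
Config: browsers=1;vpn=1
Processes: explorer.exe, outlook.exe, chrome.exe
=== Google Chrome ===
URL: https://mail.example.com
Username: jdoe@example.com
Password: REDACTED1
URL: https://shop.example.net
Username: jdoe
Password: REDACTED2
=== NordVPN ===
Username: jdoe@example.com
Password: REDACTED3
"""

SECTION_RE = re.compile(r"^=== (.+?) ===$")  # assumed delimiter style
# username, two-letter country ID, machine ID, timestamp (assumed "_" separator)
NAME_RE = re.compile(r"^(?P<user>[^_]+)_(?P<country>[A-Z]{2})_"
                     r"(?P<machine>[^_]+)_(?P<ts>[0-9]{8}-[0-9]{6})\.txt$")


def parse_upload_name(name):
    """Return the filename fields as a dict, or None if it does not match."""
    m = NAME_RE.match(name)
    return m.groupdict() if m else None


def triage_upload(body):
    """Return (header_lines, {app: [(username, url_or_None), ...]}).
    Passwords are deliberately dropped: triage needs to know which accounts
    to rotate, not to keep a second copy of the stolen secrets."""
    header, apps, current, url = [], {}, None, None
    for line in body.splitlines():
        m = SECTION_RE.match(line)
        if m:                       # new application section begins
            current, url = m.group(1), None
            apps.setdefault(current, [])
        elif current is None:       # still in the system-info header
            header.append(line)
        elif line.startswith("URL: "):
            url = line[5:]
        elif line.startswith("Username: "):
            apps[current].append((line[10:], url))
            url = None
    return header, apps
```

Running `triage_upload(SAMPLE_UPLOAD_BODY)` on the sample yields two affected applications and three account entries, which is the list to hand to the users for password resets.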
In any case, the threat actors have been sending the phishing emails in various languages depending on the target's location. Some of the emails are also sent in English, underlining how the campaign could spread to other regions. The simplest way to stay safe is to treat any suspicious-looking email from an unfamiliar address with caution.