A recent phishing attack has been observed using a new type of information stealing malware designed to exfiltrate a wide range of sensitive information. Once initiated, the malware targets not only traditional data types like saved passwords, but also session cookies, credit card information, Bitcoin-related extensions, and browsing history. It is engineered to collect comprehensive browser information and files, and then email the stolen data to various email domains owned by the attacker. This attack highlights a notable shift in infostealer capabilities, particularly the quick exfiltration of a wide range of sensitive data. WaterISAC is sharing for member awareness of shifting threat actor tactics and capabilities. For more details, visit infosecurity Magazine or Barracuda.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!