logo
Questions? +1 (202) 335-3939 Login
Set Up FREE Account Submit Release
Trusted News Since 1995
A service for technology industry professionals · Wednesday, July 31, 2024 · 731,917,197 Articles · 3+ Million Readers
Got News to Share? Send 2 FREE Releases
News Search | All News Topics > Smartwatch News Topics: By Country | By State ; Press Releases by Industry Channel > All Smartwatch Press Releases

ANY.RUN Uncovers DeerStealer Malware Campaign Exploiting Fake Google Authenticator Websites

DUBAI, DUBAI, UNITED ARAB EMIRATES, July 31, 2024 /EINPresswire.com/ -- ANY.RUN, a trusted provider of cybersecurity solutions, has revealed a new malware distribution campaign. This campaign uses fake Google Authenticator websites to spread DeerStealer malware.

𝐃𝐞𝐞𝐫𝐒𝐭𝐞𝐚𝐥𝐞𝐫: 𝐀 𝐍𝐞𝐰 𝐓𝐡𝐫𝐞𝐚𝐭 𝐃𝐢𝐬𝐠𝐮𝐢𝐬𝐞𝐝 𝐚𝐬 𝐆𝐨𝐨𝐠𝐥𝐞 𝐀𝐮𝐭𝐡𝐞𝐧𝐭𝐢𝐜𝐚𝐭𝐨𝐫

DeerStealer, detected by ANY.RUN's expert team, is distributed through fraudulent websites designed to mimic official Google Authenticator websites. These deceptive sites trick users into downloading malware. When users click the Download button, their information is sent to a Telegram bot named Tuc-tuc before the malware is downloaded from GitHub.

𝐈𝐧-𝐃𝐞𝐩𝐭𝐡 𝐀𝐧𝐚𝐥𝐲𝐬𝐢𝐬 𝐨𝐟 𝐃𝐞𝐞𝐫𝐒𝐭𝐞𝐚𝐥𝐞𝐫

ANY.RUN’s team conducted a comprehensive analysis of the DeerStealer malware. Key findings include:
• Fake site analysis: Attackers are using websites mimicking legitimate Google pages, tricking users into downloading the malware.
• Telegram bot logging: The bot logs visitor information, including IP addresses and countries.
• Stealer on GitHub: The malware, hosted on GitHub, is written in Delphi and executes directly in memory, employing obfuscation techniques to avoid detection.
• C2 communication: The malware communicates with a C2 server, sending encrypted data using single-byte XOR encryption.

𝐈𝐦𝐩𝐥𝐢𝐜𝐚𝐭𝐢𝐨𝐧𝐬 𝐟𝐨𝐫 𝐂𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐏𝐫𝐨𝐟𝐞𝐬𝐬𝐢𝐨𝐧𝐚𝐥𝐬

Cybersecurity experts can use this analysis to study the behavior of the DeerStealer malware and collect Indicators of Compromise (IOCs) identified by ANY.RUN's experts.

For more information on the malware campaign, visit the ANY.RUN blog.

𝐀𝐛𝐨𝐮𝐭 𝐀𝐍𝐘.𝐑𝐔𝐍

ANY.RUN offers a comprehensive suite of cybersecurity products, including an interactive sandbox and a Threat Intelligence portal. Trusted by over 400,000 professionals globally, the sandbox provides an efficient and user-friendly platform for analyzing malware targeting both Windows and Linux systems. Additionally, ANY.RUN's Threat Intelligence services, comprising Lookup, Feeds, and YARA Search, enable users to gather critical information about threats and respond to incidents with enhanced speed and accuracy.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050
email us here
Visit us on social media:
X

Powered by EIN Presswire
Distribution channels: Business & Economy, Companies, IT Industry, Science, Technology


EIN Presswire does not exercise editorial control over third-party content provided, uploaded, published, or distributed by users of EIN Presswire. We are a distributor, not a publisher, of 3rd party content. Such content may contain the views, opinions, statements, offers, and other material of the respective users, suppliers, participants, or authors.

Submit your press release

Smartwatch News Today by EIN Newsdesk & EIN Presswire (a press release distribution service)

Follow us on Facebook & Twitter and connect with us on LinkedIn

Newsmatics Inc., 1025 Connecticut Avenue NW, Suite 1000, Washington, DC 20036 · Contact · About

© 1995-2024 Newsmatics Inc., a publisher of EIN News · All Rights Reserved · Privacy Policy · User Agreement