CountLoader and PureRAT Spread via Phishing SVG Attacks

Phishing Campaign

A new phishing campaign is targeting government agencies with SVG attachments that deliver CountLoader, a loader that in turn drops payloads such as Amatera Stealer. The attacks began in 2025.

The emails pose as official notices and carry malicious SVG attachments. Opening the SVG leads the user to a ZIP archive, and opening that archive starts the infection chain.

The ZIP archive contains a CHM (compiled HTML Help) file whose embedded scripts launch CountLoader. The loader then deploys its payloads filelessly, in memory rather than on disk, which evades detection tools that rely on scanning files.
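The chain above gives a mail gateway two places to intervene before the CHM ever runs: the SVG itself (an SVG is XML and may legitimately carry `<script>`, event handlers and `javascript:`/`data:` links, none of which belongs in a "notice") and the ZIP it leads to (a CHM inside an archive sent to a government mailbox is rarely legitimate). The following Python is an added example written for this article, not code from the campaign or from any vendor. It parses an SVG attachment with the standard library, flags the scripting features an attacker would use, and inspects a ZIP for CHM and similar script-bearing members. The SVG and ZIP samples are constructed inline; the list of "blocked" inner extensions beyond `.chm` is an assumption about what a sensible policy would include, not something the report states.

```python
"""Triage checks for the SVG -> ZIP -> CHM attachment chain.

Added example, not code from the campaign report. Uses only the standard
library so it runs offline. Sample attachments below are constructed.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Attribute names like onload / onclick / onmouseover: SVG event handlers.
EVENT_HANDLER = re.compile(r"^on[a-z]+$", re.I)
# href values that execute code or smuggle a payload instead of linking.
SCRIPT_SCHEME = re.compile(r"^\s*(javascript|data):", re.I)
# .chm is what the campaign uses; the others are common script carriers
# that the same policy would reasonably block (assumption, not from the report).
BLOCKED_INNER_EXT = (".chm", ".lnk", ".js", ".vbs", ".hta")


def svg_findings(data: bytes) -> list[str]:
    """Return a list of reasons an SVG should be quarantined (empty = clean).

    xml.etree does not fetch external entities, but it is not hardened
    against entity-expansion attacks; production code should use defusedxml.
    """
    findings = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable SVG"]
    for el in root.iter():
        tag = el.tag.split("}")[-1].lower()          # strip namespace
        if tag == "script":
            findings.append("<script> element")
        if tag == "foreignobject":
            findings.append("<foreignObject> element (can embed HTML)")
        for name, value in el.attrib.items():
            local = name.split("}")[-1]               # xlink:href -> href
            if EVENT_HANDLER.match(local):
                findings.append(f"event handler {local}")
            if local == "href" and SCRIPT_SCHEME.match(value):
                scheme = value.split(":", 1)[0].strip().lower()
                findings.append(f"href with {scheme} scheme")
    return findings


def zip_findings(data: bytes) -> list[str]:
    """Flag archive members that are script/help-file carriers or encrypted."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.filename.lower().endswith(BLOCKED_INNER_EXT):
                    findings.append(f"archive member {info.filename}")
                if info.flag_bits & 0x1:              # bit 0 = encrypted member
                    findings.append(f"encrypted member {info.filename}")
    except zipfile.BadZipFile:
        return ["not a valid ZIP"]
    return findings


def triage_attachment(filename: str, data: bytes) -> dict:
    """Dispatch on extension and return a verdict with the supporting findings."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext == "svg":
        findings = svg_findings(data)
    elif ext == "zip":
        findings = zip_findings(data)
    elif ext == "chm":
        findings = ["CHM attachment"]
    else:
        findings = []
    return {"file": filename,
            "verdict": "quarantine" if findings else "allow",
            "findings": findings}


# Constructed sample: a "notice" SVG with an onload handler, an inline script
# and a javascript: link. The base64 payload is an empty ZIP, not malware.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="go()">
  <script><![CDATA[function go(){location.href='data:application/zip;base64,UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==';}]]></script>
  <a xlink:href="javascript:go()"><text x="10" y="20">Open official notice</text></a>
</svg>"""

# Constructed sample: a plain drawing with no scripting features.
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4"/></svg>'


def build_sample_zip(member_name: str) -> bytes:
    """Build an in-memory ZIP with one member (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not a real CHM")
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("notice.svg", MALICIOUS_SVG),
                       ("logo.svg", BENIGN_SVG),
                       ("notice.zip", build_sample_zip("Notice_2025.chm"))]:
        print(triage_attachment(name, blob))
```

Keying the policy on the attachment's content rather than its declared type matters here: a `.svg` is text that renders in the browser by default on most desktops, so an extension-only rule that treats it as an image lets the first stage straight through.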

Amatera Stealer Features

Amatera Stealer collects system information and harvests data from browsers and other applications, including cryptocurrency wallet details, giving attackers what they need to take over the victim's accounts.

PureMiner mines cryptocurrency on the compromised machine. Because it runs in memory, it avoids disk-based scans and can keep running unnoticed for longer.

Both tools are linked to PureCoder, whose toolkit also includes PureRAT, a remote access trojan that gives the attacker control of the infected machine and supports financial theft.

Multi-Layered Attacks

The campaign delivers its payloads in layers and uses process hollowing to run malicious code inside a legitimate process, which helps it bypass antivirus checks and keep its foothold on the system.

A similar group targets users with fake notices of its own, delivering PXA Stealer and PureRAT from ZIP files, which shows how these tactics are evolving.

The attackers favour in-memory execution and basic obfuscation, and they adapt commodity malware rather than building bespoke tools, which complicates analysis.

The campaign focuses on government bodies and aims at sensitive data, which makes it a significant risk; other sectors may be targeted next.

Preventing Phishing Attacks

To reduce exposure to these attacks, treat unexpected attachments with suspicion, particularly SVG, ZIP and CHM files from unknown senders. Email filters that inspect attachment content, rather than just the file extension, can block the SVG-to-ZIP chain at the gateway. Real-time monitoring of script and process activity helps catch the in-memory stages, and security awareness training helps users recognize fake official notices. Vigilance at each of these layers protects systems where any single control would miss the attack.
