GIFTEDCROOK Malware Spies on Users Globally
GIFTEDCROOK, a stealthy information-stealing malware, has been spying on users with upgraded features since June 2025. It has shifted from stealing browser data to gathering intelligence, targeting Ukrainian military and government bodies in particular. The threat endangers sensitive information worldwide.
How the Attack Starts
Attackers send phishing emails carrying macro-laced Excel files. Victims click Mega links to download the malware, and the macros trigger the infection process, so the malware infiltrates devices unnoticed.
Malware Capabilities
GIFTEDCROOK steals cookies and browsing history. It also grabs documents under 7 MB, such as PDFs and spreadsheets, hunting for files modified in the last 45 days. The result is a collection of valuable intelligence.
Delivery and Evolution
The malware evolved from a 2025 demo to versions 1.2 and 1.3 and uses military-themed PDFs as lures. A report notes that it exfiltrates data to Telegram in ZIP files. Its tactics are growing more advanced.
Targeting and Impact
It focuses on Ukrainian governmental entities. Attackers aim to steal proprietary files and secrets, and its activity aligns with geopolitical events. This exposes critical sectors to espionage risks.
Broader Cyber Threats
Similar malware targets public sector networks, exploiting macro-enabled files to bypass filters. Phishing lures mimic official documents, so defenses face rising challenges.
Challenges for Detection
The small ZIP chunks evade network scans, macros slip past traditional security, and Telegram traffic hides the exfiltration. Tracking the malware demands sophisticated tools.
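One way to surface the chunked Telegram exfiltration described above is to look for bursts of small POST requests to the Telegram API from a single client in egress proxy logs: each chunk is small enough to pass a size-based scan, but the cadence stands out. The Python below is an added example, not code from the article or from any vendor report. The log format and the sample lines are constructed for the illustration, the bot token is a placeholder, and the thresholds (three or more POSTs within five minutes, each under 512 KB) are assumed tuning values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log lines (not from the article):
# timestamp, client IP, method, host, path, request body bytes.
SAMPLE_LOG = """\
2025-06-12T09:01:03 10.0.4.21 POST api.telegram.org /botPLACEHOLDER/sendDocument 61440
2025-06-12T09:01:09 10.0.4.21 POST api.telegram.org /botPLACEHOLDER/sendDocument 58912
2025-06-12T09:01:15 10.0.4.21 POST api.telegram.org /botPLACEHOLDER/sendDocument 60110
2025-06-12T09:01:21 10.0.4.21 POST api.telegram.org /botPLACEHOLDER/sendDocument 59877
2025-06-12T09:05:44 10.0.4.37 GET  www.example.com /index.html 512
2025-06-12T10:20:00 10.0.4.37 POST api.telegram.org /botPLACEHOLDER/sendMessage 210
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+)\s+(?P<host>\S+) (?P<path>\S+) (?P<bytes>\d+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def detect_chunked_telegram_exfil(lines, min_posts=3, window=timedelta(minutes=5),
                                  max_chunk=512 * 1024):
    """Return one alert per client whose small POSTs to api.telegram.org cluster
    within `window`. Size alone is deliberately not the signal: the chunks are
    small by design, so the detection keys on repetition to one host."""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["method"] != "POST" or rec["host"] != "api.telegram.org":
            continue
        if rec["bytes"] > max_chunk:
            continue
        by_src[rec["src"]].append(rec)

    alerts = []
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        # Sliding window over the client's POSTs: the first window holding
        # at least min_posts requests raises the alert for that client.
        for i in range(len(recs)):
            j = i
            while j < len(recs) and recs[j]["ts"] - recs[i]["ts"] <= window:
                j += 1
            if j - i >= min_posts:
                alerts.append({
                    "src": src,
                    "first_seen": recs[i]["ts"],
                    "posts": j - i,
                    "bytes": sum(r["bytes"] for r in recs[i:j]),
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_chunked_telegram_exfil(SAMPLE_LOG.splitlines()):
        print(f"{alert['src']}: {alert['posts']} small POSTs to Telegram, "
              f"{alert['bytes']} bytes, starting {alert['first_seen']}")
```

In the constructed sample, client 10.0.4.21 sends four sub-64 KB documents to the Telegram API within eighteen seconds and is reported; the single sendMessage call from 10.0.4.37 stays below the threshold. In production the same logic should run over real proxy or NetFlow records, and the thresholds tuned against how much legitimate Telegram API traffic the environment actually carries.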
Preventing GIFTEDCROOK Attacks
To stop GIFTEDCROOK, avoid opening unknown email attachments and disable macros in Office files. Use updated antivirus software, monitor network traffic, and train staff to recognise phishing signs. These steps help protect sensitive data from spies.
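The filter-bypass point in the Broader Cyber Threats section and the macro advice here share a root cause: extension-based attachment filtering trusts the file name. The Python below is an added example, not code from the article or from any product; it inspects the bytes of an Office attachment instead of its extension, flagging OOXML packages that carry a vbaProject.bin (the VBA macro project) and legacy OLE binaries that are mislabelled with a macro-free extension. The sample workbook bytes are constructed in memory for the demonstration and are not real documents, and the policy in should_block is an assumed one that a mail gateway would adapt.

```python
import io
import zipfile

# Header of the legacy binary Office formats (.xls/.doc compound file).
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
# Header of a ZIP local file entry, which every OOXML package starts with.
PK_MAGIC = b"PK\x03\x04"


def classify_office_attachment(data: bytes) -> str:
    """Classify attachment bytes by content, never by file name:
    'ooxml-macro'  OOXML package that carries a VBA project
    'ooxml'        OOXML package without one
    'legacy-ole'   binary .xls/.doc container (can embed macros; inspect further)
    'other'        anything else"""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"
    if not data.startswith(PK_MAGIC):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return "other"
    # The VBA project lives at xl/vbaProject.bin (Excel) or word/vbaProject.bin
    # (Word); match the basename so a relocated project is still caught.
    if any(n.lower().endswith("vbaproject.bin") for n in names):
        return "ooxml-macro"
    return "ooxml"


def should_block(filename: str, data: bytes) -> bool:
    """Assumed gateway policy: block any attachment whose content carries a VBA
    project, whatever its extension (a renamed .xlsm is still macro-bearing),
    and block legacy OLE files that claim a macro-free OOXML extension, since
    the name and the content disagree."""
    kind = classify_office_attachment(data)
    if kind == "ooxml-macro":
        return True
    if kind == "legacy-ole" and filename.lower().endswith((".xlsx", ".docx")):
        return True
    return False


def build_sample_ooxml(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-shaped ZIP for testing (not a real workbook)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "report.xlsx (renamed macro workbook)": build_sample_ooxml(True),
        "report.xlsx (clean)": build_sample_ooxml(False),
        "data.xlsx (actually legacy OLE)": OLE_MAGIC + b"\x00" * 64,
        "notes.txt": b"plain text",
    }
    for label, blob in samples.items():
        name = label.split(" ")[0]
        print(f"{label}: {classify_office_attachment(blob)} "
              f"-> {'BLOCK' if should_block(name, blob) else 'allow'}")
```

The check complements, rather than replaces, disabling macros on the endpoint: the gateway rule stops the lure before it reaches a mailbox, and the Office macro setting catches anything that slips through. For the legacy OLE formats a full parse of the compound file streams is needed to confirm a macro; this example only surfaces them for that deeper inspection.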
Sleep well, we got you covered.