The "New MetaStealer" malvertising campaigns distribute MetaStealer, an info-stealer designed to exfiltrate sensitive information from infected systems, through malicious online advertisements. The malware has been observed reusing code from the earlier RedLine code base and has been distributed through several channels, including malspam and malvertising. Its developers have announced the release of a new and improved version, which indicates ongoing development and potential future threats. The campaigns have targeted users through ads for popular software such as Notepad++ and AnyDesk. They represent a significant threat to online security, because they can lead to the compromise of sensitive information and to further malicious activity.