Security News > 2022 > May > Ukrainian CERT Warns Citizens of a New Wave of Attacks Distributing Jester Malware
The Computer Emergency Response Team of Ukraine has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems.
The mass email campaign carries the subject line "Chemical attack" and contains a link to a macro-enabled Microsoft Excel file, opening which leads to computers getting infected with Jester Stealer.
Jester Stealer, which was first documented by Cyble in February 2022, comes with features to steal and transmit login credentials, cookies, and credit card information along with data from passwords managers, chat messengers, email clients, crypto wallets, and gaming apps to the attackers.
The Jester Stealer campaign coincides with another phishing attack that CERT-UA has attributed to the Russian nation-state actor tracked as APT28.
The emails, titled "??????????", masquerade as a security notification from CERT-UA and come with a RAR archive file "UkrScanner.rar" attachment that, when opened, deploys a malware called CredoMap v2.
"Unlike prior versions of this stealer malware, this one uses the HTTP protocol for data exfiltration," CERT-UA noted.
News URL
https://thehackernews.com/2022/05/ukrainian-cert-warns-citizens-of-new.html
Related news
- Russian Espionage Group Targets Ukrainian Military with Malware via Telegram (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)