XFiles info-stealing malware adds support for Follina delivery (Security News, June 2022)
The XFiles info-stealer malware has added a delivery module that exploits CVE-2022-30190, aka Follina, for dropping the payload on target computers.
In the case of the XFiles malware, researchers at Cyberint noticed that recent campaigns delivering the malware use Follina to download the payload, execute it, and also create persistence on the target machine.
After the infection process has been completed, XFiles begins typical info-stealer operations: stealing cookies, passwords, and browsing history from web browsers, harvesting cryptocurrency wallets, taking screenshots, and looking for Discord and Telegram credentials.
One notable recruitment was that of the author of the 'Whisper Project', an info-stealer that was quickly gaining traction in the cybercrime underground but was suddenly discontinued when the creator joined XFiles.
The new mining tool is sold for 500 rubles, which is as much as XFiles charges for one month of renting the info-stealer.
In conclusion, the gang appears to be growing bigger and more prolific, recruiting talented malware authors to offer their users more "Ready to deploy" tools that don't require experience or coding knowledge.
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK (CVSS) |
|---|---|---|---|
| 2022-06-01 | CVE-2022-30190 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products. A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. | 7.8 |
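A defender-side check for the delivery step the table describes (MSDT reached through the ms-msdt: URL protocol from an Office application), added here as an example and not taken from Cyberint or the article: it scans constructed process-creation records and flags msdt.exe launched by an Office parent or via the ms-msdt: handler. The record field names and the sample events are assumptions.

```python
import re

# Constructed sample process-creation events (not real telemetry), in a
# Sysmon-like shape: parent image, child image, child command line.
SAMPLE_EVENTS = [
    # Word launching the diagnostics tool through the URL protocol handler
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\msdt.exe",
     "cmdline": r'"C:\Windows\System32\msdt.exe" ms-msdt:/id PCWDiagnostic'},
    # A user starting a troubleshooter normally: "-id" switch, Explorer parent
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\msdt.exe",
     "cmdline": r'"C:\Windows\System32\msdt.exe" -id NetworkDiagnosticsWeb'},
    # Word spawning the print helper: an Office child, but not msdt.exe
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "cmdline": r"C:\Windows\splwow64.exe 12288"},
    # ms-msdt: URL reaching msdt.exe from a non-Office parent
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\msdt.exe",
     "cmdline": r'"C:\Windows\System32\msdt.exe" ms-msdt:/id PCWDiagnostic'},
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
MSDT_URL_SCHEME = re.compile(r"\bms-msdt:", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_follina_like(event: dict) -> bool:
    """True when msdt.exe is started by an Office app or via ms-msdt:."""
    if basename(event["image"]) != "msdt.exe":
        return False
    # Office documents have no legitimate reason to start the diagnostics tool.
    if basename(event["parent"]) in OFFICE_PARENTS:
        return True
    # Legitimate troubleshooters use "-id"; the URL protocol form is the
    # path exercised by CVE-2022-30190, so review it from any parent.
    return bool(MSDT_URL_SCHEME.search(event["cmdline"]))


def flag_events(events: list) -> list:
    """Return the indices of events that match the Follina delivery pattern."""
    return [i for i, e in enumerate(events) if is_follina_like(e)]


if __name__ == "__main__":
    print("flagged event indices:", flag_events(SAMPLE_EVENTS))
```

Command-line text varies between campaigns, so the parent/child relationship is the more durable signal; the ms-msdt: check catches launches from other parents.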