Security News > 2023 > February > Hacker develops new 'Screenshotter' malware to find high-value targets
A new threat actor tracked as TA886 targets organizations in the United States and Germany with new custom malware to perform surveillance and data theft on infected systems.
The threat actor targets victims using phishing emails that include Microsoft Publisher attachments with malicious macros, URLs linking to.
If the recipients of these emails click on the URLs, a multi-step attack chain is triggered, resulting in the download and execution of "Screenshotter," one of TA886's custom malware tools.
Proofpoint says TA886 is actively involved in the attacks, checking the stolen data and sending commands to its malware during times that resemble a regular workday in the UTC+2 or UCT+3 time zone.
Proofpoint has attempted to find overlaps and similarities with past reports describing similar TTPs, but it could not make any definitive connections.
TA886 attacks are still underway, and Proofpoint warns that Active Directory profiling should be a cause of concern, as it could compromise all domain-joined hosts with information-stealing malware.
News URL
Related news
- Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (source)
- Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware (source)
- Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware (source)
- Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
- Hackers leverage 1-day vulnerabilities to deliver custom Linux malware (source)
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites (source)