CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules
2023-05-16 11:39

The threat actors behind the CopperStealer malware resurfaced with two new campaigns in March and April 2023 that are designed to deliver two novel payloads dubbed CopperStealth and CopperPhish.

Active since at least 2021, Water Orthrus has a track record of using pay-per-install (PPI) networks to redirect victims who land on cracked-software download sites and drop an information stealer codenamed CopperStealer.

"These payloads are responsible for downloading and running additional tasks. The rootkit also blocks access to blocklisted registry keys and prevents certain executables and drivers from running."

The downloader service, which is also offered on a PPI basis, is then used to retrieve and launch CopperPhish, a phishing kit that's responsible for harvesting credit card information.

Providing the correct confirmation code also causes the malware to uninstall itself and delete all the dropped phishing files from the machine.

"The credential verification and confirmation code are two useful features that make this phishing kit more successful, as the victim cannot simply close the window or enter fake information just to get rid of the window," the researchers said.


News URL

https://thehackernews.com/2023/05/water-orthrus-copperstealer-malware.html