New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs
A new malware campaign has been observed making use of malicious OpenBullet configuration files to target inexperienced cyber criminals with the goal of delivering a remote access trojan capable of stealing sensitive information.
OpenBullet is a legitimate open-source pen testing tool used for automating credential stuffing attacks.
That configurability cuts both ways: it also opens a new infection vector, one that targets other criminal actors who actively seek such configuration files on hacking forums.
The campaign discovered by Kasada employs malicious configs shared on a Telegram channel to reach out to a GitHub repository to retrieve a Rust-based dropper called Ocean that's designed to fetch the next-stage payload from the same repository.
The executable, a Python-based malware referred to as Patent, ultimately launches a remote access trojan that utilizes Telegram as a command-and-control mechanism and issues instructions to capture screenshots, list directory contents, terminate tasks, exfiltrate crypto wallet information, and steal passwords and cookies from Chromium-based web browsers.
"The distribution of the malicious OpenBullet configs within Telegram is a novel infection vector, likely targeting these criminal communities due to their frequent use of cryptocurrencies," the researchers said.
News URL: https://thehackernews.com/2023/08/new-malware-campaign-targets.html