Cybersecurity experts have reported the detection of a new version of MassLogger, a dangerous Trojan spread through phishing campaigns and used to steal credentials from Chrome, Outlook, messaging apps and other platforms.
Most of the activity has been detected in several European countries, including Spain, Italy, Russia and Turkey. In the detected attacks, researchers found that MassLogger conceals its malicious RAR files at the start of the infection, which helps the attackers avoid security mechanisms on the target system. This feature was added to the Trojan recently.
MassLogger operators employ a multi-module approach that starts with the deployment of the phishing campaign and extends to the removal of a final payload. While these techniques are complex, the number of stages could also be an advantage for researchers, who could disrupt the attack chain.
Regarding the malware itself, experts note that MassLogger is espionage software that can extract user credentials from multiple platforms, including Chrome and Outlook. The new variant is based on .NET, which can make static analysis difficult. Although MassLogger was first detected almost a year ago, the new variant is much more powerful, as the malware authors have successfully redesigned it to evade detection.
In this campaign, in addition to exfiltrating data via FTP, SMTP or HTTP, MassLogger v3.0.7563.31381 contains additional functionality for stealing credentials from platforms such as Discord, Firefox, Chrome, Edge and Brave, among other services. The malware can also be configured as a keylogger, but this functionality has not been identified in this campaign.