Dashlane mac app
9/27/2023

A new malware named OpcJacker has been using the disguise of a VPN to trick users into downloading and running it on their systems.

OpcJacker was discovered by experts at cybersecurity firm Trend Micro, who report that it first appeared in the wild in the second half of 2022 and is still actively distributed through malvertising.

OpcJacker has been spread via various campaigns, previously abusing known cryptocurrency wallet apps.

Starting in February 2023, the threat actors adopted an infection chain that relies on malvertisements promoting a VPN service.

The site used by the threat actors was copied from a legitimate VPN service provider, and the file the victims download from it does contain a VPN installer, but the installer has been trojanized with the malware.

To avoid being flagged and banned by Google's automated security crawlers, the victims download the malicious archive from a second website, where they land after a redirection triggered by clicking the "Get Started" button on the landing page.

Interestingly, at this stage the site checks the victim's IP address, and if it finds that they are using a legitimate VPN service, the redirection doesn't happen and the attack does not proceed.

The main functions of OpcJacker include keylogging, capturing screenshots, stealing data stored in web browsers, hijacking the clipboard to divert cryptocurrency payments, and loading additional modules from the C2. Additionally, OpcJacker can establish persistence on the compromised system by making the necessary registry modifications on Windows.
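As an added illustration (not from the article or from Trend Micro's analysis), the following Python sketches one detection heuristic for the clipboard-hijacking behaviour described above: it replays a sequence of clipboard snapshots and flags a copied cryptocurrency address that is silently replaced by a different address of the same type within a short window. The address patterns, the time window and the sample values are assumptions, not details from the page.

```python
import re

# Assumed address shapes for two common wallet families (Bitcoin legacy/bech32, Ethereum).
# These are illustrative patterns, not a claim about which formats OpcJacker targets.
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify(text):
    """Return the address family a clipboard value looks like, or None for ordinary text."""
    value = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return family
    return None


def detect_swaps(snapshots, max_gap=2.0):
    """Flag suspicious clipboard substitutions.

    snapshots: list of (timestamp_seconds, clipboard_text) in chronological order,
    as a polling monitor would record them. A swap is reported when an address of
    one family is replaced by a *different* address of the same family within
    max_gap seconds: a user rarely copies two distinct wallet addresses that fast,
    but a clipper does it almost instantly after the copy.
    """
    events = []
    prev_time, prev_text = None, None
    for now, text in snapshots:
        family = classify(text)
        if prev_text is not None and family is not None:
            if (classify(prev_text) == family
                    and text.strip() != prev_text.strip()
                    and now - prev_time <= max_gap):
                events.append({"family": family, "at": now,
                               "original": prev_text.strip(),
                               "replacement": text.strip()})
        prev_time, prev_text = now, text
    return events


# Constructed sample data: fake addresses that merely match the patterns above.
WALLET_A = "1AaaaBbbbCcccDdddEeeeFfffGgggHhhhJ"   # user's intended destination
WALLET_B = "1ZzzzYyyyXxxxWwwwVvvvUuuuTtttSsssR"   # attacker-controlled substitute
ETH_A = "0x" + "ab" * 20
ETH_B = "0x" + "cd" * 20
SAMPLE_SNAPSHOTS = [
    (10.0, WALLET_A),         # user copies a BTC address
    (10.3, WALLET_B),         # 0.3 s later the clipboard holds a different BTC address: swap
    (40.0, "meeting notes"),  # ordinary text, ignored
    (55.0, ETH_A),            # user copies an ETH address
    (55.5, ETH_A),            # re-read, unchanged: not a swap
    (90.0, ETH_B),            # user copies another address 35 s later: their own action
]

if __name__ == "__main__":
    for event in detect_swaps(SAMPLE_SNAPSHOTS):
        print(f"[{event['at']:.1f}s] {event['family']} address replaced: "
              f"{event['original']} -> {event['replacement']}")
```

A live monitor would feed `detect_swaps` from a clipboard polling loop; the replay form here keeps the heuristic testable offline.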