The MassLogger Windows credential stealer has made a comeback, and it has been upgraded to steal credentials from Chrome, Outlook, and instant messenger apps.
Experts at Cisco Talos uncovered attacks against users in Italy, Turkey, and Latvia. The infections have some similarities with attacks that targeted users in Lithuania, Hungary, Bulgaria, Estonia, Spain, and Romania in September, October, and November 2020.
According to the analysis published by Cisco Talos, “Although operations of the Masslogger trojan have been previously documented, we found the new campaign notable for using the compiled HTML file format to start the infection chain. This file format is typically used for Windows Help files, but it can also contain active script components, in this case, JavaScript, which launches the malware’s processes.”
To Read More: SecurityAffairs