Hacker Using Advanced ‘Screenshotter’ Malware To Attack Organisations: All Details

Last Updated: February 11, 2023, 20:26 IST

The hacker appears to be motivated by money, conducting a preliminary assessment of breached systems to determine if the target is valuable enough.

The hacker seems to be motivated by cash, conducting a preliminary evaluation of breached programs to find out if the goal is efficacious sufficient.

A brand new hacker who identifies as TA886 is focusing on organisations with a brand new ‘screenshotter’ malware for functions of surveillance and information theft.

A brand new hacker recognized as TA886 targets organisations within the US and Germany with the brand new customized malware software “Screenshotter” to perform surveillance and data theft on infected systems.

According to BleepingComputer, the previously unknown cluster of activity was first discovered by the US-based security firm Proofpoint in October 2022.

The hacker appears to be motivated by money, conducting a preliminary assessment of breached systems to determine if the target is valuable enough for further intrusion.

Moreover, the report said that the hacker targets victims using phishing emails that include Microsoft Publisher (.pub) attachments with malicious macros, URLs linking to .pub files with macros, or PDFs containing URLs that download dangerous JavaScript files.

In December 2022, the security firm reported that the number of emails sent in TA886 grew exponentially, and continued to grow in January 2023. The emails were either written in English or German, depending on the target.

If the recipients of these emails click on the URLs, a multi-step attack chain is started, which results in the download and execution of the new malware tool “Screenshotter” utilized by TA886.

This software captures JPG screenshots from the sufferer’s machine and sends them to the risk actor’s server for overview.

The attackers then manually study these screenshots to find out the worth of the sufferer, the report talked about.

Proofpoint says TA886 is actively concerned within the assaults, analysing stolen information and sending instructions to its malware at instances that correspond to a typical workday in numerous time zones.

Read all of the Latest Tech News right here

(This story has been edited by News18 employees and is printed from a syndicated news company feed)

Source web site: www.news18.com

Rating
( No ratings yet )
Loading...