Severity
High
Analysis Summary
MetaStealer is a newly developed data-stealing malware that spreads via a vast spam campaign. The campaign starts with an email attachment (a malicious MS Excel file). The creator of this malware attaches a malicious Microsoft Excel document called transfer “info2460.xls” (name may differ) to an email disguised as a letter about an approved transaction. Once the recipient enables macros, the document infects the machine with MetaStealer. This type of malware harvests login information, credit card details, and other sensitive information. The attackers' goal is to hijack online accounts and make unauthorized transactions and purchases.
Impact
- Credential theft
- Unauthorized Access
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment using your respective security controls.
- Emails from unknown senders should always be treated with caution.
- Check for any unauthorized transactions or activities on your financial accounts and report any suspicious activities to the respective authorities.
- Ensure that your operating system and all applications are up to date with the latest security patches and updates to prevent vulnerabilities that can be exploited by malware.
- Implement two-factor authentication for your online accounts to provide an additional layer of security.
- Avoid downloading and installing pirated software, as the sites that distribute it are often a source of malware infections.
- Educate yourself and your employees on safe computing practices, such as being cautious when opening emails and downloading attachments, to prevent future infections.
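
The IOC search step above, as an added example that is not part of the original advisory: a Python sweep that hashes each file once for MD5, SHA-1 and SHA-256 and matches DNS query names against indicator domains, including subdomains. The indicator values, the `bad-c2.example` domain, the log format and all function names are constructed for illustration; substitute real indicators before use.

```python
import hashlib
from pathlib import Path

# Constructed placeholder indicators (assumption); replace with real IOC values.
IOC_DOMAINS = {"bad-c2.example"}
IOC_HASHES = {
    "md5": {hashlib.md5(b"constructed sample payload").hexdigest()},
    "sha1": set(),
    "sha256": set(),
}

def file_digests(path, chunk=1 << 16):
    """Compute MD5, SHA-1 and SHA-256 in a single pass over the file."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def sweep_files(root):
    """Return (path, algorithm) for every file whose digest is a known IOC."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        try:
            digests = file_digests(path)
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        hits += [(str(path), a) for a, d in digests.items() if d in IOC_HASHES[a]]
    return hits

def domain_matches(qname):
    """True if qname is an IOC domain or a subdomain of one."""
    name = qname.strip().rstrip(".").lower()  # normalise case and trailing dot
    return any(name == d or name.endswith("." + d) for d in IOC_DOMAINS)

def sweep_dns(lines):
    """Return log lines whose last field (the queried name) matches an IOC."""
    return [ln for ln in lines if ln.split() and domain_matches(ln.split()[-1])]

# Constructed DNS log lines in an assumed "<timestamp> <client> <qname>" format.
SAMPLE_DNS = [
    "2024-01-01T10:00:00Z 10.0.0.5 www.example.org",
    "2024-01-01T10:00:03Z 10.0.0.7 Bad-C2.example.",
    "2024-01-01T10:00:09Z 10.0.0.7 cdn.bad-c2.example",
    "2024-01-01T10:00:12Z 10.0.0.9 notbad-c2.example",
]
```

The suffix check requires a leading dot, so a look-alike such as `notbad-c2.example` is not reported as a match.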