DarkCloud Stealer is an information stealer distributed to businesses worldwide through spam campaigns. According to published analyses, the malware runs as a multi-stage infection chain and harvests sensitive data from the compromised machine.
The infection begins with a phishing email carrying a malicious attachment. The message is crafted to look as if it comes from a trusted counterparty, such as a business supplier or an online retailer.
Researchers analysed a sample email from the campaign and found that the attachment initially delivers a dropper. When run, the dropper copies itself into the system directory and creates a scheduled task so that it survives reboots.
The dropper then loads the final payload, written in Visual Basic, into the memory of an already running process (process injection). The VB payload embeds a PK (ZIP) archive that carries the DarkCloud Stealer payload itself.
Once running, the stealer harvests data from applications installed on the host and exfiltrates it to the operator over whichever channel the sample is configured for: a Telegram bot, SMTP, FTP, or a web panel.
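The four exfiltration channels above leave different traces on the network edge. The following added example (not code from the article or from the malware) shows one way to triage an egress log for them: Telegram Bot API calls are recognised by the `api.telegram.org/bot<token>/<method>` URL shape, while SMTP and FTP exfiltration shows up as workstations talking directly to unsanctioned mail or FTP servers instead of the corporate relay. The log format, the 10.20.0.0/16 workstation range, the sanctioned hosts, and every host name, IP and bot token in the sample are constructed for the example.

```python
"""Flag DarkCloud-style exfiltration channels in an egress log.

Added example, not from the original article or from the malware. The log
format and every host, IP and token below are constructed. Seeing the
Telegram URL path requires TLS inspection; without it only the destination
host api.telegram.org is visible, which is still worth alerting on for
workstations that have no business reason to reach it.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Telegram Bot API calls look like https://api.telegram.org/bot<token>/<method>.
# Tokens are "<bot id>:<secret>" with the secret drawn from [A-Za-z0-9_-].
TELEGRAM_BOT_RE = re.compile(
    r"api\.telegram\.org/bot(?P<token>\d+:[A-Za-z0-9_-]{20,})/(?P<method>[A-Za-z]+)"
)

# Assumptions for this example: workstations live in 10.20.0.0/16 and the
# only sanctioned mail/FTP destinations are the two hosts listed here.
WORKSTATION_NET = ip_network("10.20.0.0/16")
SANCTIONED_HOSTS = {"smtp.corp.example", "ftp.corp.example"}
SMTP_PORTS = {25, 465, 587}
FTP_PORTS = {21}


@dataclass
class Finding:
    src: str
    channel: str   # "telegram", "smtp" or "ftp"
    dst: str
    detail: str


def parse_line(line):
    """Split a constructed egress-log line: ts src dst_host dst_port method [url]."""
    parts = line.split()
    if len(parts) < 5:
        return None
    ts, src, dst, port, method = parts[:5]
    url = parts[5] if len(parts) > 5 else "-"
    return {"ts": ts, "src": src, "dst": dst, "port": int(port),
            "method": method, "url": url}


def scan_egress_log(lines):
    """Return a Finding for every line that matches one of the three channels."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        # Any Bot API call from inside the network is suspicious regardless of source.
        m = TELEGRAM_BOT_RE.search(rec["url"])
        if m:
            findings.append(Finding(rec["src"], "telegram", rec["dst"],
                                    f"bot token {m.group('token')} method {m.group('method')}"))
            continue
        # Workstations should never speak SMTP or FTP to anything but the relay.
        if ip_address(rec["src"]) in WORKSTATION_NET and rec["dst"] not in SANCTIONED_HOSTS:
            if rec["port"] in SMTP_PORTS:
                findings.append(Finding(rec["src"], "smtp", rec["dst"],
                                        f"direct SMTP on port {rec['port']}"))
            elif rec["port"] in FTP_PORTS:
                findings.append(Finding(rec["src"], "ftp", rec["dst"],
                                        f"direct FTP on port {rec['port']}"))
    return findings


# Constructed sample log: one infected workstation (10.20.3.15) trying all
# three channels, plus benign traffic that must not be flagged.
SAMPLE_LOG = [
    "2024-05-03T09:14:02Z 10.20.3.15 api.telegram.org 443 POST "
    "https://api.telegram.org/bot1234567890:AAHxExampleTokenExample-abc_XYZ/sendDocument",
    "2024-05-03T09:14:05Z 10.20.3.15 ftp.example-collector.net 21 -",
    "2024-05-03T09:14:09Z 10.20.3.15 mail.example-collector.net 587 -",
    "2024-05-03T09:15:00Z 10.20.3.22 www.example.com 443 GET https://www.example.com/",
    "2024-05-03T09:15:10Z 10.20.3.22 smtp.corp.example 587 -",          # sanctioned relay
    "2024-05-03T09:15:30Z 10.30.1.5 mx.partner.example 25 -",           # server net, not a workstation
]

if __name__ == "__main__":
    for f in scan_egress_log(SAMPLE_LOG):
        print(f"{f.src} -> {f.dst} [{f.channel}] {f.detail}")
```

The bot token is kept in the finding on purpose: it identifies the operator's bot and is what you hand to Telegram for takedown and to peers for correlation.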
DarkCloud Stealer has the feature set of a mature infostealer: screenshot capture, system information gathering, credential and file retrieval, and clipboard monitoring.
It targets applications that hold credentials and other sensitive data. Applications confirmed in recent analysis include Chromium-based browsers, Internet Explorer, Microsoft Edge, the FTP clients CoreFTP and FileZilla, NordVPN, and the Pidgin messaging client's credential store.
It can also collect specific file types from the victim's system and read data from cryptocurrency wallet applications. In addition, DarkCloud gives its operators a crypto-swapping (clipper) function: when a wallet address for Bitcoin, Bitcoin Cash, Ripple, or Ethereum is copied to the clipboard, the malware replaces it with an attacker-controlled address so that the victim's payment is redirected.
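A clipper is detectable from the clipboard alone: the user copies one address and, a fraction of a second later, the clipboard holds a different address of the same coin without any user action. The following added example (not code from the article or from DarkCloud) implements that heuristic for the four coins named above. The address patterns are format checks only (prefix, alphabet, length, no checksum validation), the three-second window is an assumed threshold, and the clipboard snapshots are constructed; a real monitor would poll the clipboard and feed successive values into `detect_swaps`.

```python
"""Heuristic detection of a cryptocurrency clipper (clipboard address swapping).

Added example, not from the original article or from the malware. Address
patterns are loose format checks, the time window is an assumption, and the
snapshots are constructed test data.
"""
import re

# Prefix/alphabet/length checks for the coins the article names. BTC covers
# legacy (1...), P2SH (3...) and bech32 (bc1...); BCH accepts CashAddr with or
# without the bitcoincash: prefix. None of these verify checksums.
ADDRESS_PATTERNS = {
    "BTC": re.compile(r"^(bc1[ac-hj-np-z02-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "BCH": re.compile(r"^(bitcoincash:)?[qp][a-z0-9]{41}$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "XRP": re.compile(r"^r[1-9A-HJ-NP-Za-km-z]{24,34}$"),
}


def classify_address(text):
    """Return the coin whose address format `text` matches, or None."""
    s = text.strip()
    for coin, pat in ADDRESS_PATTERNS.items():
        if pat.match(s):
            return coin
    return None


def detect_swaps(snapshots, max_gap_seconds=3.0):
    """Flag probable clipper activity in a time-ordered list of (seconds, clipboard_text).

    A clipper rewrites the clipboard almost immediately after the user copies
    an address, so two different addresses of the same coin appearing back to
    back within max_gap_seconds is the signal. The same value being re-read,
    or a second address copied later by the user, is not flagged.
    """
    findings = []
    prev_t, prev_text, prev_coin = None, None, None
    for t, text in snapshots:
        coin = classify_address(text)
        if (coin is not None and coin == prev_coin and text != prev_text
                and t - prev_t <= max_gap_seconds):
            findings.append({"coin": coin, "at": t,
                             "original": prev_text, "replacement": text})
        prev_t, prev_text, prev_coin = t, text, coin
    return findings


# Constructed addresses: format-valid, not real wallets.
VICTIM_BTC = "1" + "VictimWa11et" + "A" * 21
ATTACKER_BTC = "1" + "AttackerWa11et" + "B" * 19
VICTIM_ETH = "0x" + "1" * 40
OTHER_ETH = "0x" + "2" * 40
VICTIM_XRP = "r" + "Victim" + "A" * 20
ATTACKER_XRP = "r" + "Attacker" + "B" * 20

# Constructed clipboard timeline (seconds since monitor start, content).
SAMPLE_SNAPSHOTS = [
    (0.0, "meeting notes for Tuesday"),
    (5.0, VICTIM_BTC),
    (5.4, ATTACKER_BTC),    # rewritten 0.4 s later: flagged
    (30.0, VICTIM_ETH),
    (60.0, OTHER_ETH),      # user copied a second address 30 s later: not flagged
    (70.0, VICTIM_XRP),
    (70.0, VICTIM_XRP),     # same value re-read: not flagged
    (70.8, ATTACKER_XRP),   # rewritten 0.8 s later: flagged
]

if __name__ == "__main__":
    for f in detect_swaps(SAMPLE_SNAPSHOTS):
        print(f"{f['coin']} swap at t={f['at']}: {f['original']} -> {f['replacement']}")
```

The gap threshold trades false positives for false negatives: a clipper that deliberately delays its rewrite slips under it, while a user who copies two addresses in quick succession trips it, so treat a hit as a prompt to inspect the process that last wrote the clipboard rather than as proof on its own.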
The stealer's broad target list and its choice of exfiltration channels make it adaptable across victims. Organisations should cut the chain at initial access, by filtering attachments and training users to distrust supplier-themed emails, and should monitor for the persistence and exfiltration behaviours described above.
Layered defences, combining email filtering and anti-phishing controls with endpoint protection able to detect process injection and clipboard tampering, limit the damage when a user does open the attachment.