Researchers have discovered a new information-stealing malware called OpcJacker. According to reports, it has been distributed through a widespread malvertising campaign since the second half of 2022.
Analysis of the latest samples shows that the tool can log keystrokes, take screenshots, deploy additional modules, and hijack cryptocurrency addresses in the clipboard.
The campaign's initial delivery vector is a network of malicious websites advertising trojanised software and cryptocurrency-related apps. A few months ago, the operators also ran a drive aimed exclusively at Iranian users, offering a VPN service that turned out to be a vector for deploying the malware.
The installer archives serve as the launch point for OpcJacker, which can in turn deliver next-stage payloads such as NetSupport RAT and an hVNC variant for remote access.
The OpcJacker operators used a crypter to obfuscate the payload.
According to the investigation, the threat actors used the Babadeda crypter to obfuscate OpcJacker. The crypter lets the actors supply configuration files and activate the malware's data-harvesting capability. Researchers also found that it can run arbitrary shellcode and executables.
A separate researcher explained that the configuration file format resembles bytecode for a custom virtual machine: the machine executes each instruction by reading its opcode and invoking the handler specific to that opcode.
The payload's capabilities and the methods used in these attacks indicate that the threat actors' primary objective is financial gain. Given its versatility, OpcJacker can also function as a malware loader.
These findings appeared as researchers published a detailed account of an ongoing cybercriminal operation called “TACTICAL#OCTOPUS.” This recent campaign targets United States organisations with tax-themed lures to infect them with backdoors and gain initial access to the targeted systems.
Cybersecurity experts warn users and organisations to be wary of these threats, since the tools used in these attacks carry multiple capabilities that give their operators a wide range of options.
Companies should maintain sound security defences and deploy anti-malware solutions.