Malware & Ransomware | HIGH

GlassWorm Malware - New RAT Delivers Data Theft via Solana

Source: The Hacker News
Tags: GlassWorm, Remote Access Trojan, data theft, Solana, Google Chrome

Basically, a new GlassWorm variant plants a remote access trojan disguised as an offline Google Docs app, delivered through rogue npm and GitHub packages, and finds its command servers by reading Solana blockchain transactions.

Quick Summary

A new version of GlassWorm malware is stealing sensitive data using a RAT disguised as Google Docs. Developers and cryptocurrency users are at risk. Stay alert and verify your downloads to protect your data.

What Happened

Cybersecurity researchers have uncovered a new evolution of the GlassWorm malware campaign. This latest version employs a multi-stage framework that not only installs a Remote Access Trojan (RAT) but also facilitates extensive data theft. The malware masquerades as an offline version of Google Docs, allowing it to log keystrokes, capture screenshots, and exfiltrate sensitive data from compromised systems.

The attack begins with rogue packages published across platforms like npm and GitHub. Once installed, the malware reads Solana blockchain transactions to obtain its command-and-control (C2) server details, then downloads tailored payloads for different operating systems. Because the C2 address is read from a public ledger rather than hard-coded, the attackers can rotate infrastructure without republishing the packages, and the lookup itself looks like ordinary blockchain RPC traffic, which complicates blocklisting and detection.
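The dead-drop mechanism above, as an added illustration that is not code from the article or from the GlassWorm samples: an attacker-controlled wallet publishes encoded C2 addresses in transaction memos, the implant walks the wallet's transactions newest-first and decodes the first usable entry for its OS, and an analyst can run the same walk to enumerate every endpoint the wallet has ever published. The transaction records, memo encodings (base64 of a per-OS JSON map, or base64 of a single URL) and addresses are constructed for this example; real on-chain lookups would fetch these records through an RPC client, which is deliberately left out so the block runs offline.

```python
import base64
import json
import platform
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample records. The shape is a deliberate simplification of a
# Solana transaction (signature plus the text attached through the memo
# program), ordered newest-first as an RPC signature listing would be. The
# addresses are documentation ranges (RFC 5737); nothing here is real chain data.
_PER_OS = {
    "windows": "https://203.0.113.10/u/win.bin",
    "linux": "https://203.0.113.10/u/lin.bin",
    "darwin": "https://203.0.113.10/u/mac.bin",
}
SAMPLE_TRANSACTIONS: List[Dict[str, str]] = [
    {"signature": "tx-newest", "memo": "gm"},  # ordinary chatter, no payload
    {"signature": "tx-middle",
     "memo": base64.b64encode(json.dumps(_PER_OS).encode()).decode()},
    {"signature": "tx-oldest",  # an earlier rotation: one URL for every OS
     "memo": base64.b64encode(b"https://198.51.100.23/old").decode()},
]

URL_RE = re.compile(r"https?://[A-Za-z0-9.\-]+(?::\d+)?(?:/[^\s\"']*)?")


def decode_memo(memo: str) -> Optional[str]:
    """Base64-decode a memo when it is valid base64 holding UTF-8 text; else None."""
    try:
        return base64.b64decode(memo, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def endpoints_in_memo(memo: str) -> Dict[str, str]:
    """Return {os_key: url} carried by one memo, or {} when it carries none.

    Two layouts are handled (both assumptions of this example): base64 of a
    JSON map keyed by OS name, and base64 of a single URL (key "any").
    """
    text = decode_memo(memo)
    if text is None:
        return {}
    try:
        obj = json.loads(text)
    except json.JSONDecodeError:
        obj = None
    if isinstance(obj, dict):
        return {k: v for k, v in obj.items()
                if isinstance(v, str) and URL_RE.fullmatch(v)}
    match = URL_RE.fullmatch(text.strip())
    return {"any": match.group(0)} if match else {}


def resolve_c2(transactions: List[Dict[str, str]],
               os_name: Optional[str] = None) -> Optional[Tuple[str, str]]:
    """The lookup a dead-drop resolver performs on the victim.

    Walk the wallet's transactions newest-first and return (signature, url)
    for the first memo that offers a payload for this OS, falling back to an
    OS-agnostic URL. Returns None when the wallet has published nothing usable.
    """
    key = (os_name or platform.system()).lower()
    for tx in transactions:
        eps = endpoints_in_memo(tx.get("memo", ""))
        url = eps.get(key) or eps.get("any")
        if url:
            return tx["signature"], url
    return None


def enumerate_c2_history(transactions: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Analyst view: every (signature, os_key, url) the wallet has ever
    published, oldest first, so rotated infrastructure is not missed."""
    history = []
    for tx in reversed(transactions):
        for key, url in endpoints_in_memo(tx.get("memo", "")).items():
            history.append((tx["signature"], key, url))
    return history


if __name__ == "__main__":
    print("resolver on this host ->", resolve_c2(SAMPLE_TRANSACTIONS))
    for row in enumerate_c2_history(SAMPLE_TRANSACTIONS):
        print("published:", *row)
```

The defensive point is in `enumerate_c2_history`: once a resolver wallet is known, the full memo history is a ready-made list of past and present C2 endpoints to block and hunt for, and the wallet address itself is the durable indicator, since the attackers can change the URL in a new transaction at any time.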

Who's Being Targeted

The GlassWorm campaign primarily targets developers and users who download packages from popular repositories. By compromising project maintainers' accounts, attackers push malicious updates that infect unsuspecting users. The malware is particularly careful to avoid systems with a Russian locale, indicating a targeted approach in its attack strategy.

Once installed, the RAT can execute various commands on the compromised system. It specifically targets web browsers and cryptocurrency wallets, making it a significant threat for users who engage in online banking or cryptocurrency transactions. Because the RAT gives operators interactive access, the damage is not limited to what the initial stealer collects.

Signs of Infection

Indicators of infection include unexpected browser behavior, such as unauthorized extensions being installed or strange pop-up windows appearing. Users may also notice unusual activity in their cryptocurrency wallets or receive phishing prompts that mimic legitimate applications. The malware's RAT component is designed to maintain persistence, often re-launching itself if closed.

To protect against infection, users should be vigilant about the software they install and regularly check for unauthorized extensions in their browsers. Developers should also review recent lockfile changes and newly added dependencies, since the infection arrives as a package update. Additionally, monitoring wallet activity for unauthorized transactions is crucial.

How to Protect Yourself

To safeguard against the GlassWorm malware, users should take proactive measures:

  • Verify Sources: Always check the publisher names and histories of packages before installation.
  • Use Security Tools: Employ tools like glassworm-hunter, an open-source Python tool designed to scan for GlassWorm-related payloads without making network requests.
  • Stay Informed: Follow cybersecurity updates and advisories to stay aware of emerging threats.

By practicing caution and employing security measures, users can significantly reduce their risk of falling victim to the GlassWorm malware campaign.
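One way to put the "verify sources" and "scan without network requests" advice into practice, as an added example that is neither glassworm-hunter nor any code from the article: walk a node_modules tree on disk, record which packages declare npm install lifecycle hooks, and grep their JavaScript for a few heuristic signs of a package that phones a blockchain and runs something it decoded at install time. The pattern families, the scoring weights, and the two fixture packages (one benign, one suspicious) are all assumptions of this example and are not published GlassWorm indicators; a legitimate crypto library will trip the Solana pattern on its own, which is why hits are scored rather than treated as a verdict.

```python
import json
import re
import tempfile
from pathlib import Path
from typing import Dict, Iterator, List, Tuple

INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Heuristic patterns chosen for this example, not published indicators.
PATTERNS = {
    "solana_rpc": re.compile(r"https?://[\w.-]*solana\.com|getSignaturesForAddress|@solana/web3\.js"),
    "dynamic_eval": re.compile(r"\b(?:eval|new Function)\s*\("),
    "long_base64": re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]"),
}


def iter_packages(root: Path) -> Iterator[Path]:
    """Yield package directories under node_modules, descending into @scope dirs."""
    for entry in sorted(root.iterdir()):
        if not entry.is_dir():
            continue
        if entry.name.startswith("@"):
            yield from (p for p in sorted(entry.iterdir()) if p.is_dir())
        else:
            yield entry


def scan_package(pkg_dir: Path) -> Dict:
    """Inspect one package using only files on disk: lifecycle hooks plus pattern hits in *.js."""
    result = {"name": pkg_dir.name, "install_hooks": [], "hits": {}}
    manifest = pkg_dir / "package.json"
    if manifest.is_file():
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (ValueError, OSError):
            meta = {}
        result["name"] = meta.get("name", pkg_dir.name)
        scripts = meta.get("scripts") or {}
        result["install_hooks"] = [h for h in INSTALL_HOOKS if h in scripts]
    for js in pkg_dir.rglob("*.js"):
        text = js.read_text(encoding="utf-8", errors="ignore")
        for label, rx in PATTERNS.items():
            if rx.search(text):
                result["hits"].setdefault(label, []).append(js.relative_to(pkg_dir).as_posix())
    return result


def score(result: Dict) -> int:
    """Install hooks weigh 2; each distinct pattern family weighs 1 (weights are assumptions)."""
    return (2 if result["install_hooks"] else 0) + len(result["hits"])


def scan_node_modules(root: Path, threshold: int = 3) -> List[Dict]:
    """Return packages whose score reaches the threshold, highest first."""
    flagged = [r for r in map(scan_package, iter_packages(root)) if score(r) >= threshold]
    return sorted(flagged, key=score, reverse=True)


def build_fixture(root: Path) -> None:
    """Write a constructed node_modules tree: one benign and one suspicious package.
    Package names and file contents are invented for this example."""
    benign = root / "pad-strings"
    benign.mkdir(parents=True)
    (benign / "package.json").write_text(json.dumps({"name": "pad-strings", "version": "1.0.0"}))
    (benign / "index.js").write_text("module.exports = (s) => s.padStart(8);\n")

    sus = root / "docs-offline-helper"
    sus.mkdir()
    (sus / "package.json").write_text(json.dumps({
        "name": "docs-offline-helper", "version": "2.3.1",
        "scripts": {"postinstall": "node setup.js"}}))
    blob = "A" * 240  # stands in for an embedded base64 stage
    (sus / "setup.js").write_text(
        'const rpc = "https://api.mainnet-beta.solana.com";\n'
        f'const blob = "{blob}";\n'
        'new Function(Buffer.from(blob, "base64").toString())();\n')


def demo_scan(threshold: int = 3) -> Tuple[List[Dict], List[Dict]]:
    """Build the fixture in a temp dir, scan it, and return (all_results, flagged)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "node_modules"
        build_fixture(root)
        everything = [scan_package(p) for p in iter_packages(root)]
        return everything, scan_node_modules(root, threshold)


if __name__ == "__main__":
    for r in demo_scan()[1]:
        print(f"{r['name']}: score={score(r)} hooks={r['install_hooks']} hits={sorted(r['hits'])}")
```

Point `scan_node_modules` at a real project's node_modules to use it outside the fixture. Lifecycle hooks are the part worth weighting: they run code at `npm install` time without any import by the application, which is how a dependency update can infect a machine before anyone reads the package's source.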

🔒 Pro insight: The use of Solana as a dead drop resolver marks a notable evolution in malware delivery methods, complicating detection efforts.

Original article from The Hacker News
