Overview

DeerStealer is a recent and increasingly concerning information-stealing malware. It has gained notoriety for its deceptive distribution methods, specifically disguising itself as legitimate applications such as Google Authenticator. The malware is typically spread through fake advertisements and malicious downloads. Once installed, DeerStealer harvests sensitive data including login credentials, credit card information, and personal details from infected systems.

Recent Distribution Campaign

A recent malware distribution campaign involving DeerStealer was uncovered in which the malware was spread via fake Google Authenticator websites. These fake sites closely mimic the legitimate Google Authenticator download page, tricking users into downloading what they believe to be a legitimate application. Upon clicking the "Download" button on these sites, users are redirected to a malicious GitHub repository hosting the DeerStealer malware. Additionally, the site sends the visitor's IP address and country to a Telegram bot, likely for victim tracking and identification.

Indicators of Compromise (IOCs)

File Hashes (SHA-256):
4640d425d8d43a95e903d759183993a87bafcb9816850efe57ccfca4ace889ec
569ac32f692253b8ab7f411fec83f31ed1f7be40ac5c4027f41a58073fef8d7d
5e2839553458547a92fff7348862063b30510e805a550e02d94a89bd8fd0768d
66282239297c60bad7eeae274e8a2916ce95afeb932d3be64bb615ea2be1e07a

Domains:
authentificcatorgoolglte[.]com (Fake Google Authenticator site)
chromeweb-authenticators[.]com (Another fake Authenticator site)
paradiso4[.]fun (C2 domain)
vaniloin[.]fun (C2 domain)
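The indicators above are only useful once they are matched against something. As an added example (not code from the original report), the following Python turns the list into a small sweep: it refangs the bracketed domains, flags hostnames that equal or are subdomains of a listed domain when scanning proxy log lines, and compares SHA-256 digests of files under a directory with the listed hashes. The hash and domain values are the ones listed above; the log lines in SAMPLE_LOG and the helper names are constructed for illustration.

```python
import hashlib
import re
from pathlib import Path

# The four SHA-256 hashes from the IOC section above.
DEERSTEALER_SHA256 = {
    "4640d425d8d43a95e903d759183993a87bafcb9816850efe57ccfca4ace889ec",
    "569ac32f692253b8ab7f411fec83f31ed1f7be40ac5c4027f41a58073fef8d7d",
    "5e2839553458547a92fff7348862063b30510e805a550e02d94a89bd8fd0768d",
    "66282239297c60bad7eeae274e8a2916ce95afeb932d3be64bb615ea2be1e07a",
}

# Domains exactly as defanged in the report; refang() makes them matchable.
DEERSTEALER_DOMAINS_DEFANGED = [
    "authentificcatorgoolglte[.]com",
    "chromeweb-authenticators[.]com",
    "paradiso4[.]fun",
    "vaniloin[.]fun",
]


def refang(domain: str) -> str:
    """Convert a defanged indicator such as 'example[.]com' to 'example.com'."""
    return domain.replace("[.]", ".").replace("(.)", ".").lower()


DEERSTEALER_DOMAINS = {refang(d) for d in DEERSTEALER_DOMAINS_DEFANGED}


def sha256_of_file(path) -> str:
    """Hash a file in chunks so large downloads do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def matching_files(root):
    """Return paths under root whose SHA-256 is one of the listed hashes."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file() and sha256_of_file(p) in DEERSTEALER_SHA256:
            hits.append(str(p))
    return sorted(hits)


# Pull hostnames out of URLs ("https://host/...") or "host=" fields in a log line.
_HOST_RE = re.compile(r"(?:https?://|host=)([A-Za-z0-9.-]+)", re.IGNORECASE)


def hostname_matches(hostname: str) -> bool:
    """True if hostname equals a listed domain or is a subdomain of one.

    Suffix matching is anchored on a leading dot, so 'paradiso4.fun.example.net'
    is NOT treated as a hit while 'cdn.paradiso4.fun' is.
    """
    hostname = hostname.lower().rstrip(".")
    return any(hostname == d or hostname.endswith("." + d) for d in DEERSTEALER_DOMAINS)


def scan_log_lines(lines):
    """Return (line_number, hostname) pairs for lines that reference a listed domain."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in _HOST_RE.findall(line):
            if hostname_matches(host):
                hits.append((n, host.lower()))
    return hits


# Constructed sample proxy log lines (not taken from the report).
SAMPLE_LOG = [
    "2024-07-29T10:01:02Z src=10.0.0.5 GET https://www.google.com/ 200",
    "2024-07-29T10:01:09Z src=10.0.0.5 GET https://authentificcatorgoolglte.com/download 302",
    "2024-07-29T10:01:10Z src=10.0.0.5 GET https://github.com/ 200",
    "2024-07-29T10:02:31Z src=10.0.0.5 CONNECT host=cdn.paradiso4.fun:443",
    "2024-07-29T10:02:40Z src=10.0.0.7 GET https://paradiso4.fun.example.net/ 200",
]

if __name__ == "__main__":
    for n, host in scan_log_lines(SAMPLE_LOG):
        print(f"line {n}: contact with listed domain {host}")
    for path in matching_files("."):
        print(f"hash match: {path}")
```

Against SAMPLE_LOG the scan reports lines 2 and 4 only; the fifth line shows why the subdomain check is anchored on a dot rather than a plain substring match. Hash matching catches the exact samples listed here and nothing else, so treat a clean hash sweep as necessary but not sufficient: a repacked build changes the digest while the distribution domains stay the same.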
Relation to XFiles Malware

DeerStealer has been found to share similarities with the XFiles malware family. Both malware types use fake legitimate-software sites for distribution. However, while XFiles is a .NET-based malware employing staged C2 communication, DeerStealer is a compiled machine-code application. The similarity in tactics suggests a potential overlap or evolution in cybercriminal strategies.

Mitigation Strategies

- Avoid Clicking on Promoted Search Results: Users should avoid clicking on ads in search results, particularly for downloading software. Instead, navigate directly to official websites.
- Use Ad Blockers: Employing ad blockers can prevent exposure to malicious ads.
- Verify URLs: Always verify that download URLs match the official domain before downloading any software.
- Scan Downloads: Use updated antivirus software to scan all downloads before execution.