You are currently viewing Hacker Using Advanced ‘Screenshotter’ Malware To Attack Organisations: All Details

Hacker Using Advanced ‘Screenshotter’ Malware To Attack Organisations: All Details


Last Updated: February 11, 2023, 20:26 IST

The hacker appears to be motivated by money, conducting a preliminary assessment of breached systems to determine if the target is valuable enough.

A new hacker who identifies as TA886 is targeting organisations with a new ‘screenshotter’ malware for purposes of surveillance and data theft.

A new hacker identified as TA886 targets organisations in the US and Germany with the new custom malware tool “Screenshotter” to perform surveillance and data theft on infected systems.

According to BleepingComputer, the previously unknown cluster of activity was first discovered by the US-based security firm Proofpoint in October 2022.

The hacker appears to be motivated by money, conducting a preliminary assessment of breached systems to determine if the target is valuable enough for further intrusion.

Moreover, the report said that the hacker targets victims using phishing emails that include Microsoft Publisher (.pub) attachments with malicious macros, URLs linking to .pub files with macros, or PDFs containing URLs that download dangerous JavaScript files.

In December 2022, the security firm reported that the number of emails sent in TA886 grew exponentially, and continued to grow in January 2023. The emails were either written in English or German, depending on the target.

If the recipients of these emails click on the URLs, a multi-step attack chain is started, which results in the download and execution of the new malware tool “Screenshotter” used by TA886.

This tool captures JPG screenshots from the victim’s machine and sends them to the threat actor’s server for review.

The attackers then manually examine these screenshots to determine the value of the victim, the report mentioned.

Proofpoint says TA886 is actively involved in the attacks, analysing stolen data and sending commands to its malware at times that correspond to a typical workday in different time zones.

Read all the Latest Tech News here

(This story has not been edited by News18 staff and is published from a syndicated news agency feed)



Source link

Leave a Reply