Malware targets the cryptocurrency industry

Enigma: Malware targets the cryptocurrency industry


A Stealerium-based malware named ‘Enigma’ is on the rise. A campaign that started in Russia is targeting Europe’s cryptocurrency industry.

Trend Micro reports:

“In this campaign, the suspected Russian threat actors use several highly obfuscated and under-development custom loaders to infect those involved in the cryptocurrency industry with Enigma stealer (detected as TrojanSpy.MSIL.ENGIMASTEALER.YXDBC), which is a modified version of the Stealerium information stealer. In addition to these loaders, the attacker also exploits CVE-2015-2291, an Intel driver vulnerability, to load a malicious driver designed to reduce the token integrity of Microsoft Defender.”

Fake interviews to trap

The attackers conduct fake interviews through social media and email. The discussions take the form of questionnaires and forms, and the file sent to the target is about fake jobs in the crypto industry. They put together an attractive pay package and a phony agreement to win the target's trust.

Enigma infrastructure

Enigma uses two servers in its operation.

  • Telegram, for delivering payloads, sending commands, and receiving the payload heartbeat.
  • A second server, 193[.]56[.]146[.]29, for DevOps and logging purposes.

The infrastructure is continuously being improved. An Amadey C2 panel was also found in the communication; Amadey is used by a Russian botnet for malicious purposes. The malware works in several stages and is said to be effective.
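The two channels described above can be turned into a check over endpoint network logs. The following Python is an added example, not code from the article or from Trend Micro: it flags connections to the listed IP address, Telegram traffic from processes that are not expected Telegram clients, and near-constant intervals that look like a heartbeat. The log format, host names, process names, the allowlist and the thresholds are constructed assumptions.

```python
import csv, io, statistics
from collections import defaultdict
from datetime import datetime

# IoC from the article, written defanged there; refanged only for matching.
IOC_IPS = {"193[.]56[.]146[.]29".replace("[.]", ".")}
# Assumption: Telegram traffic is recognised by destination host name.
TELEGRAM_SUFFIX = "telegram.org"
# Hypothetical allowlist of processes expected to talk to Telegram.
EXPECTED_TELEGRAM_CLIENTS = {"telegram.exe", "chrome.exe", "firefox.exe"}

# Constructed sample connection log: time, host, process, dest_host, dest_ip
SAMPLE_LOG = """\
2023-02-10T09:00:00,WS-014,chrome.exe,web.telegram.org,203.0.113.10
2023-02-10T09:00:05,WS-022,updater.exe,api.telegram.org,203.0.113.11
2023-02-10T09:01:05,WS-022,updater.exe,api.telegram.org,203.0.113.11
2023-02-10T09:02:05,WS-022,updater.exe,api.telegram.org,203.0.113.11
2023-02-10T09:03:06,WS-022,updater.exe,api.telegram.org,203.0.113.11
2023-02-10T09:03:30,WS-022,updater.exe,-,193.56.146.29
2023-02-10T09:10:00,WS-031,outlook.exe,mail.example.com,198.51.100.7
"""

def analyze(log_text, min_events=4, max_jitter_s=5.0):
    """Return sorted findings as (rule, host, process) tuples."""
    findings, telegram_times = set(), defaultdict(list)
    for ts, host, proc, dest_host, dest_ip in csv.reader(io.StringIO(log_text)):
        if dest_ip in IOC_IPS:
            findings.add(("ioc_ip", host, proc))
        is_telegram = (dest_host == TELEGRAM_SUFFIX
                       or dest_host.endswith("." + TELEGRAM_SUFFIX))
        if is_telegram and proc.lower() not in EXPECTED_TELEGRAM_CLIENTS:
            findings.add(("unexpected_telegram_client", host, proc))
            telegram_times[(host, proc)].append(datetime.fromisoformat(ts))
    # Heartbeat heuristic: near-constant gaps between Telegram connections.
    for (host, proc), times in telegram_times.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) >= min_events and statistics.pstdev(gaps) <= max_jitter_s:
            findings.add(("periodic_telegram_heartbeat", host, proc))
    return sorted(findings)

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Legitimate bots and notification tools also call Telegram on a schedule, so the heartbeat rule is a triage signal to review alongside the process path and signer, not a verdict.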

Concluding thoughts

Both the Web 3.0 sector and individuals are at risk. The malware is destructive and keeps evolving to trap victims more effectively. To protect yourself from such malware, be wary of social media posts and phishing attacks.

Employment-themed threats will rise as the world faces economic crises and people look for jobs everywhere. Install security measures on your systems that can help prevent such attacks.
