SVG phishing campaign targets Ukraine

2 · Author: Stasshe · about 23 hours ago · original post
Fortinet’s FortiGuard Labs has published a detailed analysis of a phishing campaign targeting Ukrainian organizations. The attackers used an unusual SVG file as the initial infection vector, which ultimately led to the deployment of Amatera Stealer (information-stealing malware) and PureMiner (a stealth crypto-miner).

The SVG file triggered a password-protected archive containing a CHM file that launched a loader called “CountLoader,” enabling fileless execution, process hollowing, and DLL side-loading.

This combination of stealer + miner, delivered through an SVG-based chain, shows a growing sophistication in phishing campaigns, especially those aimed at critical sectors.

Full report: https://www.fortinet.com/jp/blog/threat-research/svg-phishing-hits-ukraine-with-amatera-stealer-pureminer
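The first hop of the chain described above (an SVG that, once rendered, hands the user an archive) is the part a mail gateway or EDR can catch statically, because an SVG is XML and anything it smuggles has to sit in the markup. The script below is an added example, not FortiGuard's tooling or the poster's code, and it does not reproduce this campaign's actual SVG: the sample document, its embedded blob and the magic-byte table are constructed for illustration, and the post does not say which of these constructs the real file used. It flags `<script>` and `<foreignObject>` elements, `on*` event handlers, `javascript:` links and long base64 runs, and classifies an embedded blob by its magic bytes. Note that password-protecting a ZIP does not change its `PK\x03\x04` header, so the container is still identifiable even though its contents are not inspectable.

```python
"""Static triage of SVG attachments for script-smuggling indicators.

Added example, not FortiGuard's or the poster's code. It flags the generic
building blocks of an SVG-based delivery chain and classifies any embedded
base64 payload by magic bytes.
"""
import base64
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Assumed container signatures to recognise inside embedded blobs; a generic
# list, not indicators taken from the campaign discussed in the post.
MAGIC = {
    b"PK\x03\x04": "zip archive",
    b"ITSF": "CHM (ITSS) file",
    b"MZ": "PE executable",
    b"Rar!\x1a\x07": "RAR archive",
    b"7z\xbc\xaf\x27\x1c": "7-Zip archive",
}
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.I)
# Base64 runs long enough to be a payload rather than an inline icon.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def local(name: str) -> str:
    """Drop an XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()


def classify_blob(b64: str):
    """Decode a base64 run and name its container by magic bytes.

    Returns (type, size) or None when the text is not valid base64.
    """
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    for magic, name in MAGIC.items():
        if raw.startswith(magic):
            return name, len(raw)
    return "unknown", len(raw)


def triage_svg(svg_text: str) -> list[Finding]:
    """Return the suspicious constructs found in an SVG document."""
    findings = []
    root = ET.fromstring(svg_text)
    for el in root.iter():
        tag = local(el.tag)
        if tag in ("script", "foreignobject"):
            findings.append(Finding("element", f"<{tag}>"))
        for attr, value in el.attrib.items():
            name = local(attr)  # also normalises xlink:href -> href
            if EVENT_ATTR.match(name):
                findings.append(Finding("event-handler", f"{name} on <{tag}>"))
            if name == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(Finding("javascript-uri", f"href on <{tag}>"))
    # Scan all text and attribute values for embedded base64 payloads, because
    # smuggling scripts usually keep the archive as a string literal.
    corpus = "".join(root.itertext()) + " " + " ".join(
        v for el in root.iter() for v in el.attrib.values())
    for run in B64_RUN.findall(corpus):
        hit = classify_blob(run)
        if hit:
            findings.append(Finding("embedded-blob", f"{hit[0]}, {hit[1]} bytes"))
    return findings


def is_suspicious(svg_text: str) -> bool:
    """Verdict a mail gateway or EDR rule could act on."""
    kinds = {f.kind for f in triage_svg(svg_text)}
    return bool(kinds & {"element", "event-handler", "javascript-uri", "embedded-blob"})


# Constructed sample: an SVG that decodes a (fake) zip archive and offers it
# as a download once the image is opened in a browser.
FAKE_ZIP_B64 = base64.b64encode(b"PK\x03\x04" + b"\x00" * 60).decode()
SAMPLE_SVG = f"""<svg xmlns="http://www.w3.org/2000/svg" onload="go()">
  <rect width="10" height="10"/>
  <script><![CDATA[
    var blob = "{FAKE_ZIP_B64}";
    function go() {{
      var a = document.createElement("a");
      a.href = "data:application/zip;base64," + blob;
      a.download = "document.zip";
      a.click();
    }}
  ]]></script>
</svg>"""

BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'

if __name__ == "__main__":
    for f in triage_svg(SAMPLE_SVG):
        print(f"{f.kind:15} {f.detail}")
```

Run it on a directory of quarantined attachments and the `embedded-blob` line is the one to triage first: a long base64 run that decodes to an archive or a PE has no business in an image, regardless of how the script around it is obfuscated. The element and event-handler checks are noisier (legitimate interactive SVGs use `onload` too), so weight them lower in a gateway rule.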