Card Skimmer Group Using Raccoon Info-Stealer to Siphon Data
The campaign progressed in four waves, starting in February and ending in September, with the operators relying on specially crafted phishing pages and lure documents laced with malicious macros to download Vidar and Raccoon information stealers onto victim systems.
The ultimate goal of the attack, the researchers noted, was to steal payment and user data, using several attack vectors and tools to deliver the malware.
The fake web pages were created using the Mephistophilus phishing kit, which allows attackers to create and deploy phishing landing pages engineered for distributing malware.
“Attackers sent links to fake pages that informed victims about a missing plugin required to display the document correctly,” Group-IB researchers explained in an analysis of the cybercrime group’s tactics last November. “If a user downloaded the plugin, their computer was infected with the password-stealing malware.”
Read more at Source – The Hacker News