InQuest Insider - June 2023

Since April 2023, a newly discovered malware called 'Mystic Stealer' has been making waves in the cybercrime community. This information-stealing malware has gained significant attention on hacking forums and darknet markets, garnering widespread interest and usage.

Available for a monthly rental fee of $150, Mystic Stealer is designed to target various web browsers, browser extensions, cryptocurrency applications, MFA and password management applications, cryptocurrency browser extensions, and credentials for platforms like Steam and Telegram. Its extensive capabilities allow it to infiltrate and extract sensitive data from a wide range of sources.

The emergence of Mystic Stealer has prompted simultaneous reports from prominent cybersecurity firms. In a joint report by InQuest and Zscaler, experts express concern about the sophistication of this malware and the alarming increase in its sales. Numerous new campaigns using Mystic Stealer are being launched, signaling a growing threat to individuals and organizations alike.


InQuest Email Attack Simulation

This month we harvested 215 samples from the wild capable of bypassing either Microsoft or Google. Of those, Microsoft missed 70 (43%), and Google missed 190 (88%). The distribution of misses by file type is depicted below:

[Chart: distribution of misses by file type (image not included)]

Recently, we've incorporated sample sources from over 50 leading industry blogs. If any of these samples can reach your inbox (42 samples in June), then the source blog will be referenced in your daily EAS report.

Want to validate the efficacy of your email security stack?

InQuire here for a one-month free email attack simulation.


InQuest Latest Blog Posts

An Executive Guide To Email Hygiene: Secure Communication And Boost Business Value

Posted on 2023-06-23 by Michael Arcamone


In today's digital world, email remains a crucial channel for businesses to communicate with clients, partners, and employees. At the same time, cybercriminals realize this and focus on exploiting this channel to conduct attack campaigns against businesses of all types and sizes.

Read more

Mystic Stealer: The New Kid on the Block

Posted on 2023-06-15 by Darren Spruell and Chase Sims


InQuest and Zscaler ThreatLabz have analyzed a new malware family, Mystic Stealer. The information-stealing malware extracts data from various sources, including web browsers and cryptocurrency wallets, and relies on obfuscation techniques and an encrypted binary protocol for its communication. The malware collects a wide range of information, such as system details, browsing history, auto-fill data, and credentials from multiple web browsers and extensions. The impact and future trajectory of Mystic Stealer are yet to be determined, but its capabilities and sophistication pose a significant threat.

Read more


InQuest Labs Research Spotlight

CVExploits



Your comprehensive database for CVE exploits from across the internet.

Read more


PackMyPayload


This tool takes a file or directory as input and embeds it into an output file, which acts as an archive/container.

Read more


Ransomchats


Here you'll find ransomware negotiations normalized as JSON files. Ransomware negotiations are usually kept secret, which limits understanding of the process.

Read more


Global Security Events

OnlyDcRatFans: Malware Distributed Using Explicit Lures of OnlyFans Pages and Other Adult Content


In May 2023, eSentire identified DcRAT, a clone of AsyncRAT, at a consumer services customer. DcRAT is a remote access tool with info-stealing and ransomware capabilities. The malware is actively distributed using explicit lures for OnlyFans pages and other adult content.

Read more

".Zip" top-level domains draw potential for information leaks


As a result of Google’s announced sale of new TLDs that are also popular file extension formats, there is an increased risk with the deployment of the “.zip” domain that threat actors will develop new vectors for compromising victims. In early May 2023, Google released eight new TLDs, marketing the “.zip” domain to let an audience know that a domain’s owner is “fast, efficient, and ready to move.”

Read more

New Fast-Developing ThirdEye Infostealer Pries Open System Information


FortiGuard Labs recently found files that looked suspicious even on a cursory review. Their subsequent investigation confirmed that the files are malicious and revealed there is more to them than meets the eye: they are a previously unseen infostealer, which they have named “ThirdEye”.

Read more



InQuest Insider - Your monthly resource for the latest in cyber security news, trends, tips, and tools. Subscribe here.
