Threat actors trick victims to steal login credentials

TLDR:

  • Threat actors are using a sophisticated technique that forces victims to enter their login credentials so they can be stolen.
  • The technique combines browser manipulation with traditional stealer malware.

The threat landscape continues to evolve, and threat actors are now forcing victims to enter their login credentials so they can be stolen. This new technique, discovered by cybersecurity researchers at OALABS, combines browser manipulation with traditional stealer malware.

Since August 22, 2024, threat actors have been deploying a “credential flusher” along with malware like “StealC.” The flusher, typically an “AutoIt” script compiled into an executable, identifies installed browsers and launches the preferred one in kiosk mode. It persistently relaunches the browser if closed and uses hotkey settings to prevent escape. The accompanying StealC malware then exfiltrates the saved credentials.
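The behavior described above (a browser started in kiosk mode by an unexpected parent and relaunched whenever it is closed) can be hunted for in process-creation telemetry. The following is an added detection sketch, not code from OALABS or this article; the event tuples, host names, `upd.exe`, `setup.exe`, the allow-listed parent and the thresholds are all constructed assumptions to adapt to your own EDR or Sysmon data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
KIOSK_FLAGS = {"--kiosk", "-kiosk"}
EXPECTED_PARENTS = {"explorer.exe"}  # assumption: tune to your environment

# Constructed sample events: (host, time, parent image, child image, command line)
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
TEMP = "C:\\Users\\a\\AppData\\Local\\Temp\\"
SAMPLE_EVENTS = [
    ("ws01", "2024-09-01T10:00:00", r"C:\Windows\explorer.exe", CHROME, "chrome.exe"),
    ("ws02", "2024-09-01T10:01:00", TEMP + "upd.exe", CHROME,
     "chrome.exe --kiosk https://login.example.test/"),
    ("ws02", "2024-09-01T10:01:40", TEMP + "upd.exe", CHROME,
     "chrome.exe --kiosk https://login.example.test/"),
    ("ws02", "2024-09-01T10:02:20", TEMP + "upd.exe", CHROME,
     "chrome.exe --kiosk https://login.example.test/"),
    ("ws03", "2024-09-01T10:05:00", r"C:\Windows\explorer.exe", "msedge.exe",
     "msedge.exe --kiosk https://intranet.example.test/"),
    ("ws04", "2024-09-01T10:06:00", TEMP + "setup.exe", "firefox.exe",
     "firefox.exe -kiosk https://example.test/"),
]

def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def find_forced_kiosk(events, min_launches=3, window=timedelta(minutes=5)):
    """Return (host, parent, count) where an unexpected parent started a
    browser in kiosk mode at least min_launches times within window."""
    launches = defaultdict(list)
    for host, ts, parent, image, cmdline in events:
        if basename(image) not in BROWSERS:
            continue
        if not KIOSK_FLAGS & set(cmdline.lower().split()):
            continue
        if basename(parent) in EXPECTED_PARENTS:
            continue  # e.g. a managed kiosk started from the user shell
        launches[(host, basename(parent))].append(datetime.fromisoformat(ts))
    findings = []
    for (host, parent), times in sorted(launches.items()):
        times.sort()
        start = best = 0
        for end in range(len(times)):  # sliding window over launch times
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_launches:
            findings.append((host, parent, best))
    return findings
```

Requiring repeated launches keeps one-off kiosk starts out of the results; lowering `min_launches` to 1 trades that for earlier alerting.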

The complete attack chain also involves an Amadey infection, making the threat even more sophisticated. By manipulating user behavior instead of directly intercepting input, this stealthy tactic evades traditional credential theft protections, posing a significant threat in today’s cybersecurity landscape.

As cybersecurity professionals continue to combat these advanced threats, staying informed and vigilant is key to protecting sensitive information and data from falling into the hands of malicious actors.
