
Beware of ManticoraLoader Malware targeting Citrix users for data theft





Summary

TLDR:

  • ManticoraLoader is a new Malware-as-a-Service targeting Citrix users to steal data
  • It can infect Windows systems, collect information like IP addresses, usernames, and more, and evade detection

Summary:

DeadXInject has launched ManticoraLoader, malware designed to target Windows systems and steal sensitive information. It is advertised on underground forums and Telegram and can infect systems from Windows 7 onwards, including Windows Server. Once a system is infected, ManticoraLoader collects information such as IP addresses, usernames, system language, antivirus software, and more. This data is then sent to a central control panel, allowing attackers to maintain control over compromised systems and customize subsequent attacks. The loader is designed to gain persistent access to systems by placing files in auto-start locations and uses advanced techniques to disguise its code and evade detection.

The threat actors behind ManticoraLoader have implemented a restricted client model using escrow or direct contact to maintain control and reduce exposure. The loader boasts sophisticated obfuscation and anti-detection capabilities, as evidenced by its zero detections on Kleenscan and its ability to bypass 360 Total Security sandboxing. Despite the emergence of ManticoraLoader, AresLoader remains a prevalent threat, highlighting the ongoing need for robust security measures to combat sophisticated malware threats. ManticoraLoader is available as a rental service for a monthly fee of USD 500 with strict terms and conditions; the loader aims to ensure effectiveness and minimize the risk of detection.

