TLDR:
- ManticoraLoader is a new Malware-as-a-Service from DeadXInject that targets Windows systems (Windows 7 onward, including Windows Server) to steal host information
- It profiles infected hosts (IP address, username, system language, installed antivirus and more), reports to a central control panel, persists via auto-start locations, and is built to evade detection
Summary:
DeadXInject has launched ManticoraLoader, a loader designed to infect Windows systems and steal sensitive information. The malware is advertised on underground forums and Telegram and is capable of infecting systems from Windows 7 onwards, including Windows Server. Once a system is infected, ManticoraLoader collects information such as the IP address, username, system language, installed antivirus software, and more. This data is sent to a central control panel, which lets the operators keep track of compromised systems and tailor follow-on payloads to each victim. The loader gains persistence by placing files in auto-start locations and uses obfuscation to disguise its code and evade detection.
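The report names the technique (files dropped into auto-start locations) but not the specific paths or registry values ManticoraLoader uses, so there is no loader-specific indicator to check for. What a responder can do is enumerate the standard Windows autorun locations and flag entries that launch from user-writable directories, which is where loaders usually drop themselves. The following triage script is an added example written for this page, not code from the report or from the malware; the registry keys, Startup folders and "suspicious" directory roots it checks are the usual Windows autorun locations, assumed here as a generic baseline rather than taken from any ManticoraLoader analysis.

```powershell
# Added triage script (not from the report): enumerate common Windows auto-start
# locations and flag entries whose executable lives in a user-writable directory.
# The keys, folders and roots below are standard autorun locations assumed for this
# check; ManticoraLoader's actual drop paths are not given in the report.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# Directories a legitimate installer rarely uses for an autorun binary but loaders commonly do.
$suspiciousRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:PUBLIC)

function Test-SuspiciousPath {
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $false }
    # Extract the executable from a command line, handling quoted and unquoted forms.
    $exe = if ($Command -match '^\s*"([^"]+)"') { $Matches[1] } else { ($Command -split '\s+')[0] }
    $expanded = [Environment]::ExpandEnvironmentVariables($exe)
    foreach ($root in $suspiciousRoots) {
        if ($root -and $expanded.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$findings = @()

# Registry Run / RunOnce values
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own provider metadata
        $findings += [pscustomobject]@{
            Location   = $key
            Name       = $p.Name
            Command    = [string]$p.Value
            Suspicious = Test-SuspiciousPath -Command ([string]$p.Value)
        }
    }
}

# Startup folder contents, resolving .lnk shortcuts to the binary they launch
foreach ($folder in $startupFolders) {
    if (-not (Test-Path $folder)) { continue }
    Get-ChildItem -Path $folder -File -Force | ForEach-Object {
        $target = $_.FullName
        if ($_.Extension -eq '.lnk') {
            $shell  = New-Object -ComObject WScript.Shell
            $target = $shell.CreateShortcut($_.FullName).TargetPath
        }
        $findings += [pscustomobject]@{
            Location   = $folder
            Name       = $_.Name
            Command    = $target
            Suspicious = Test-SuspiciousPath -Command $target
        }
    }
}

# Flagged entries first; review them against known software before acting.
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it from an elevated PowerShell session so the HKLM keys and the all-users Startup folder are readable. A "Suspicious" hit is a lead, not a verdict: legitimate updaters also start from AppData, so pull the flagged binary's hash and signer before removing anything. Scheduled tasks, services and WMI subscriptions are further persistence points the report does not mention and this script does not cover.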
The threat actors behind ManticoraLoader sell it under a restricted client model, accepting buyers only through escrow or direct contact, to keep control over who uses it and limit their own exposure. Its advertising claims sophisticated obfuscation and anti-detection capabilities, citing zero detections on Kleenscan and the ability to bypass 360 Total Security's sandboxing; these are the seller's claims rather than independently verified results. Despite the emergence of ManticoraLoader, AresLoader remains a prevalent threat, underlining the ongoing need for robust defences against loader malware. ManticoraLoader is rented for USD 500 per month under strict terms and conditions intended to keep the loader effective and its detection rate low.