Verticals Targeted: E-commerce
Regions Targeted: Not specified
Related Families: None identified
PupkinStealer Leverages Telegram for Data Exfiltration
May 16, 2025 2:16:41 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, Emerging Threat, PupkinStealer
GIFTEDCROOK Stealer Targets Ukraine
Apr 14, 2025 2:00:22 PM / by The Hivemind posted in Ukraine, Threat Bulletin, Espionage, Stealer, Infostealer, GiftedCrook
Verticals Targeted: Military, Law Enforcement, Government
Regions Targeted: Ukraine
Executive Summary
The Computer Emergency Response Team of Ukraine (CERT-UA) has identified a new phishing campaign by UAC-0226, deploying the GIFTEDCROOK stealer through malicious Excel files to compromise Ukrainian institutions. This operation targets sensitive data from military, law enforcement, and local government entities, leveraging socially engineered lures for execution.
FrigidStealer MacOS Stealer
Feb 21, 2025 1:48:14 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, MacOS, Emerging Threat, FrigidStealer
Executive Summary
FrigidStealer is a stealer that targets MacOS devices. It has been active since at least late 2024 and is delivered via web injection campaigns.
Banshee MacOS Stealer
Jan 17, 2025 2:31:03 PM / by The Hivemind posted in Threat Bulletin, Infostealer, MacOS, Banshee
Executive Summary
Banshee is a stealer that targets MacOS systems. The latest variant of Banshee uses a string encryption algorithm that is the same as the one used in Apple’s Xprotect antivirus engine for MacOS systems.
"FakePOC" Infostealer Masquerading as LDAPNightmare PoC Exploit
Jan 13, 2025 3:00:14 PM / by The Hivemind posted in Threat Bulletin, Infostealer, FakePOC, LDAPNightmare
Executive Summary
An infostealer, dubbed “FakePOC”, was recently observed masquerading as an LDAPNightmare proof of concept (PoC) exploit.
PXA Stealer
Nov 22, 2024 1:54:18 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, PXA Stealer, Vietnam
Verticals Targeted: Government, Education
Executive Summary
PXA Stealer was used in an information-stealing campaign targeting entities in the government and education sectors, located in Europe and Asia.
New Lumma C2 Variant Leverages PowerShell
Sep 16, 2024 2:58:00 PM / by The Hivemind posted in Threat Bulletin, Infostealer, CAPTCHA, Lumma C2, PowerShell
Executive Summary
A new Lumma C2 variant that leverages PowerShell was recently observed. The new variant’s attack chain masquerades as CAPTCHA and actively exploits PowerShell commands.
FickleStealer
Jun 28, 2024 3:08:23 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, FickleStealer