In July 2019, a piece of malware that had not yet been documented was quietly hijacking the online accounts of promoters and users of Facebook, Google, Apple, Amazon, and other well-known websites, and then using the victims' information for criminal activities.
After a deep investigation, researchers at Proofpoint recently published details of this new, previously undocumented malware, named "CopperStealer". According to the report, the attacker spreads CopperStealer through fake software offered on suspicious websites that present themselves as "KeyGen" or "Crack" sites, and targets users of the leading websites. The new malware works exactly like the previously identified malware called "SilentFade", which is a China-based malware. The websites that permanently host samples of various malware, CopperStealer among them, are keygenninja.com, piratewares.com, startcrack.com, and crackheap.net.
The malware operates by harvesting passwords saved in the Google Chrome, Yandex, Edge, Firefox, and Opera web browsers. CopperStealer's downloader module is also used to drop further malware, including the modular Smokeloader backdoor, along with a wide collection of other malicious payloads downloaded from different URLs.
Apart from this, the specialists believe that CopperStealer is not the most dangerous credential/account stealer in existence. Like all other malware, it has some basic capabilities, yet its overall impact can be huge.
One researcher reported that during the first 24 hours of operation, the site recorded 69,992 HTTP requests from 5,046 unique IP addresses in 159 countries, representing 4,655 unique infections. India is one of the top five countries affected by this malware, followed by Indonesia, Brazil, Pakistan, and the Philippines.