Geeks for your information Security Security Vendors Kaspersky Kaspersky Security Blog v
Tarot and cyberthreats: a new Trojan for fans of the supernatural
Tarot and cyberthreats: a new Trojan for fans of the supernatural
harlan4096 Online
MalWare Zoo Team
*******
Posts: 15,927
Threads: 10,168
Thanks Received: 9,307 in 7,453 posts
Thanks Given: 10,236
Joined: 12 September 18
#1
Bug  02 April 25, 09:19
Quote:New malware targets magic enthusiasts — sending stolen data to an “astral cloud server”.

Imagine what the world would be like if tarot cards could accurately predict any and every event. Perhaps we could have nipped Operation Triangulation in the bud, and zero-day vulnerabilities wouldn’t exist at all, as software developers would receive alerts in advance thanks to tarot readings.

Sounds incredible? Well, our experts actually looked into similar methods in their latest discovery! Read on to learn about the new Trojan we found and how we did it.

The tarot trojan

The new Trojan — Trojan.Arcanum — is distributed through websites dedicated to fortune-telling and esoteric practices, disguised as a “magic” app for predicting the future. At first glance, it looks like a harmless program offering users the chance to lay out virtual tarot cards, calculate astrological compatibility, or even “charge an amulet with the energy of the universe” (whatever that means). But in reality, something truly mystical is unfolding behind the scenes — in the worst possible way.

Once installed on the user’s device, Trojan.Arcanum connects to a cloud C2 server and deploys its payload — the Autolycus.Hermes stealer, the Karma.Miner miner, and the Lysander.Scytale crypto-malware. Having collected user data (logins; passwords; time, date and place of birth; banking information; etc.), the stealer sends it to the cloud. Then the real drama begins: the Trojan starts manipulating its victim in real life using social engineering!

Through pop-up notifications, Trojan.Arcanum sends pseudo-esoteric advice to the user, prompting them to take certain actions. For example, if the Trojan gains access to the victim’s banking apps and discovers significant funds in the account, the attackers send a command to give the victim a false prediction about the favorability of large investments. After this, the victim might receive a phishing email offering to participate in a “promising startup”. Or maybe they won’t — depending on how the cards fall.

Continue Reading...
Find
Reply


Messages In This Thread
Tarot and cyberthreats: a new Trojan for fans of the supernatural - by harlan4096 - 02 April 25, 09:19

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Intel shares Granite Rapids-WS Xeon 600 ...
Intel posts Xeon 6...harlan4096 — 09:49
Manjaro Linux 26.0.3 Build 260228
Manjaro Linux 26.0...harlan4096 — 08:20
K-Lite Codec Pack 19.5.0 / 19.5.4 Update
Changes in 19.5.4 ...harlan4096 — 08:19
JEDEC publishes UFS 5.0 spec with up to ...
KIOXIA starts samp...harlan4096 — 08:17
QOwnNotes
26.2.15  Fix Qt5 ...Kool — 07:30

[-]
Birthdays
Today's Birthdays
avatar (50)daadAmomo
Upcoming Birthdays
avatar (44)gapedDow
avatar (38)snorydar
avatar (43)Hectorvot
avatar (51)knowhanPluts
avatar (39)Williamengiz
avatar (46)qaqapeti
avatar (44)battsourIonix
avatar (43)CedricSek
avatar (39)chasRex
avatar (43)slavrProck
avatar (45)Tyesharaike
avatar (49)TomeRerla
avatar (45)walllMIZ
avatar (41)oconyho
avatar (33)uteluxix
avatar (47)piafcflene
avatar (39)Matthewkah
avatar (51)tersfargum
avatar (50)alfreExept
avatar (38)Charlesfibre
avatar (42)napasvem
avatar (44)diploJeoca
avatar (38)francisnj3
avatar (43)artmaGoork
avatar (45)tukraNax
avatar (51)Claudestync
avatar (41)RichardCisee
avatar (40)ebenofit
avatar (38)ykazawu
avatar (41)ARYsahulatbazar

[-]
Online Staff
There are no staff members currently online.

>