As soon as the HTA script (a Windows standalone application written in HTML) is executed, it launches PowerShell code that eventually establishes C2, downloads decoy PDF files for evasion, and fetches a malicious shell injector.
“These files aim to inject the final stealer into legitimate processes, initiating malicious activities and sending the stolen data back to a C2 server,” Fortinet added.
The target applications for the observed stealer included web browsers, crypto wallets, messengers, email clients, VPN services, password managers, AnyDesk, and MySQL Workbench, among many others.
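The chain described above (an HTA file handled by mshta.exe spawning PowerShell that reaches out to C2) is a process-lineage pattern defenders can hunt for in endpoint telemetry. The following is an added example, not code from Fortinet or from the article, that parses a handful of constructed process-creation records (in a simplified "parent -> child | command line" layout that is an assumption, not any vendor's log format) and flags mshta.exe launching PowerShell, recording which evasion-style switches appear on the command line.

```python
import re

# Constructed sample process-creation events for illustration only; these
# are not from the Fortinet report. Layout (assumed): "parent -> child | cmdline".
SAMPLE_EVENTS = [
    r"C:\Windows\explorer.exe -> C:\Windows\System32\mshta.exe | mshta.exe C:\Users\u\Downloads\invoice.hta",
    r"C:\Windows\System32\mshta.exe -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell.exe -w hidden -ep bypass -enc AAAA",
    r"C:\Windows\explorer.exe -> C:\Program Files\Acrobat\Acrobat.exe | Acrobat.exe report.pdf",
    r"C:\Windows\System32\cmd.exe -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell.exe Get-Process",
]

LINE_RE = re.compile(r"^(?P<parent>.+?) -> (?P<child>.+?) \| (?P<cmdline>.*)$")

# PowerShell switches that commonly accompany script-launched payloads; their
# presence is context for an analyst, not proof of malice on its own.
SUSPICIOUS_FLAGS = (
    "-enc",
    "-encodedcommand",
    "-w hidden",
    "-windowstyle hidden",
    "-ep bypass",
    "-executionpolicy bypass",
)


def parse_event(line):
    """Split one record into parent image name, child image name and command line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    basename = lambda p: p.rsplit("\\", 1)[-1].lower()
    return {
        "parent": basename(m.group("parent")),
        "child": basename(m.group("child")),
        "cmdline": m.group("cmdline"),
    }


def hidden_flags(cmdline):
    """Return the evasion-style PowerShell switches present on a command line."""
    lowered = cmdline.lower()
    return [flag for flag in SUSPICIOUS_FLAGS if flag in lowered]


def is_hta_to_powershell(event):
    """True when mshta.exe is the direct parent of a PowerShell process."""
    return event["parent"] == "mshta.exe" and event["child"].startswith("powershell")


def detect(lines):
    """Return one finding per record where an HTA host spawned PowerShell."""
    findings = []
    for line in lines:
        event = parse_event(line)
        if event is None or not is_hta_to_powershell(event):
            continue
        findings.append(
            {
                "parent": event["parent"],
                "child": event["child"],
                "flags": hidden_flags(event["cmdline"]),
                "cmdline": event["cmdline"],
            }
        )
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(f"{finding['parent']} -> {finding['child']} flags={finding['flags']}")
```

Only the second sample record fires: the first is mshta.exe itself being launched (worth logging, but many legitimate HTAs exist), and the fourth is PowerShell started from cmd.exe, which this rule deliberately ignores so that the lineage check, rather than the flag list, carries the detection.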