> "After deobfuscation we can observe that it steals various credentials from browsers (Chromium, Edge, Firefox), files (Desktop, Documents, %USERPROFILE%/Source), cryptocurrency wallets (Armory, AtomicWallet, BitcoinCore, Bytecoin, DashCore, Electrum, Ethereum, LitecoinCore, Monero, Exodus, Zcash, Jaxx), VPNs (ProtonVPN, OpenVPN, NordVPN), Steam, Discord, FileZilla, Telegram, as well as collects information about the infected machine, such as running processes, external IP, content of clipboard, and takes a screenshot," CPR has found. Horrors above.
>CPR concludes that "the threat actor behind these campaigns is likely of Russian origin," and that "this case highlights how popular gaming communities can be exploited as effective vectors for malware distribution, emphasizing the importance of caution when downloading third-party content." Yep!