CopperStealer, also known as Mingloa, is a malicious program designed to steal confidential and personal information. It can also cause chain infections. Significant CopperStealer activity has been observed in Brazil, India, Indonesia, Pakistan and the Philippines. At the time of the investigation, this malware was found to be spreading via websites that offered illegal activation tools (cracks) for licensed software products.

In addition to cracks, spam campaigns are also commonly used to spread malware. A spam campaign is a large-scale operation during which thousands of misleading or fraudulent emails are sent. These emails have infectious files attached to them, linked within them, or both. The files come in various formats, for example archives, executables, PDF and Microsoft Office documents, and JavaScript.

CopperStealer has basic anti-analysis functionality: it can detect when it is running on several different virtual machines. The main feature of this malicious program is the extraction of saved login credentials (usernames and passwords) and Internet cookies from certain browsers. It primarily targets the credentials of business-oriented Facebook and Instagram accounts. However, CopperStealer variants also target login credentials for Amazon, Apple, Bing, Google, PayPal, Tumblr, and Twitter accounts, platforms and services.

Researchers believe that CopperStealer is not very sophisticated malware, as its capabilities are very basic. However, it can be a serious threat. In the first 24 hours of its operation, it logged more than 69,990 HTTP requests from around 5,046 unique IP addresses originating from 159 countries. Attackers can use the accounts they have compromised to deliver malicious advertising. In this respect it behaves much like other threats seen before, such as SilentFade.

As noted above, the operators rely heavily on download pages and sites that do not have a high reputation: essentially fraudulent pages, or pages designed to deliver malicious advertising and other attacks. Some of the files offered there are actually the CopperStealer executable. Attackers use many methods to steal passwords on the Internet, so it pays to be protected.

Therefore, the main advice for avoiding this problem and others like it is to use common sense: be careful when downloading programs and when using pages that may be fraudulent and compromise your security. It is also very important to have a security program installed.
