• This new malware really goes the extra mile when it comes to infecting your devices

    From TechnologyDaily@1337:1/100 to All on Thursday, August 14, 2025 15:30:08
    This new malware really goes the extra mile when it comes to infecting your devices

    Date:
    Thu, 14 Aug 2025 14:25:00 +0000

    Description:
    A new malware framework has been seen advertised across the web - both
    through ads and weaponized sites.

    FULL STORY ======================================================================
    • Cisco Talos finds a new malware framework called PS1Bot
    • The framework is distributed through malvertising and SEO poisoning
    • PS1Bot can serve as an infostealer, keylogger, screen grabber, and more

    Security researchers at Cisco Talos have discovered a brand new malware
    framework which, they say, really goes the extra mile to infect a device.

    PS1Bot can log keystrokes, grab cryptocurrency data, and persist on the compromised endpoint, among other things, the company's report says.

    Complementing PS1Bot is a malvertising campaign, as well as SEO poisoning, which tricks unsuspecting victims into downloading the malware. Cisco Talos did not say what theme these ill-intentioned ads and pages use as a lure, who the usual victims are, or how successful the campaign is.

    Flexible and dangerous

    They did say that victims who download the ZIP file served by those ads and pages can expect a JavaScript payload that acts as a dropper and pulls a scriptlet from an external server.

    That scriptlet writes a PowerShell script to a file on disk and runs it. In turn, the PowerShell script contacts the threat actors' command-and-control (C2) server, grabbing additional commands and modules that transform the malware into whatever is necessary at the moment.

    There are many things the framework can be turned into. It can serve as a reconnaissance tool, sharing with the attackers details about antivirus programs running on the computer, as well as basic system information.

    It can serve as a screen capture or keylogger tool, relaying screenshots and keystrokes to the C2. It can also work as a wallet grabber, stealing cryptocurrency wallet information. Finally, it can persist on the device via
    a PowerShell script that launches automatically upon restart.

    "The information stealer module implementation leverages wordlists embedded into the stealer to enumerate files containing passwords and seed phrases
    that can be used to access cryptocurrency wallets, which the stealer also attempts to exfiltrate from infected systems," Cisco Talos said.

    "The modular nature of the implementation of this malware provides
    flexibility and enables the rapid deployment of updates or new functionality as needed."
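    The chain described above (script host runs the JavaScript dropper, which stages a PowerShell script on disk and executes it, with a second script that runs again after a restart) is something a defender can hunt for in endpoint telemetry. The following is an added example written for this page, not code from Cisco Talos or from the TechRadar article. It works over a handful of constructed Sysmon-style events (not real telemetry); the staging directories (Temp/AppData), the Startup-folder and Run-key persistence mechanisms, and the command-line flags are assumptions chosen to illustrate the hunt, since the article does not say how PS1Bot launches its script at restart.

```python
"""Hunt for a PS1Bot-style infection chain in Sysmon-like process, file and registry events.

Each rule matches one stage the article describes. Rules are scored per host so that a
single benign match (an admin running a .ps1) does not raise an alert on its own.
"""
import re
from collections import defaultdict

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}             # Windows Script Host: where a .js dropper runs
USER_WRITABLE = re.compile(r"\\(Temp|AppData)\\", re.I)  # assumed staging dirs for the dropped .ps1
PS1 = re.compile(r"\.ps1\b", re.I)
STARTUP = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)  # assumed persistence location
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.I)            # assumed persistence location


def base(path):
    """Basename of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (rule, host, event_id) tuples for every event that matches one stage of the chain."""
    findings = []
    for ev in events:
        kind, host, eid = ev["type"], ev["host"], ev["id"]
        if kind == "process":
            parent, image, cmd = base(ev["parent"]), base(ev["image"]), ev["cmdline"]
            # Stage 1: the JavaScript dropper (under a script host) launches PowerShell
            if parent in SCRIPT_HOSTS and image == "powershell.exe":
                findings.append(("script_host_spawns_powershell", host, eid))
            # Stage 2: PowerShell executes a .ps1 that was written to a user-writable directory
            if image == "powershell.exe" and PS1.search(cmd) and USER_WRITABLE.search(cmd):
                findings.append(("powershell_runs_staged_ps1", host, eid))
        elif kind == "file":
            # Stage 3a: a .ps1 dropped into the Startup folder so it runs again after a restart
            if PS1.search(ev["target"]) and STARTUP.search(ev["target"]):
                findings.append(("ps1_in_startup_folder", host, eid))
        elif kind == "registry":
            # Stage 3b: a Run-key value that starts PowerShell with a .ps1 at logon
            if RUN_KEY.search(ev["key"]) and "powershell" in ev["value"].lower() and PS1.search(ev["value"]):
                findings.append(("run_key_launches_ps1", host, eid))
    return findings


def hosts_to_alert(events, min_rules=2):
    """Hosts on which at least `min_rules` distinct stages fired, sorted by name."""
    rules_per_host = defaultdict(set)
    for rule, host, _ in detect(events):
        rules_per_host[host].add(rule)
    return sorted(h for h, rules in rules_per_host.items() if len(rules) >= min_rules)


# Constructed sample events (hypothetical hosts, users and paths; not captured data).
SAMPLE_EVENTS = [
    {"id": 1, "host": "WS01", "type": "process",
     "parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -w hidden -ep bypass -f C:\Users\alice\AppData\Local\Temp\stage.ps1"},
    {"id": 2, "host": "WS01", "type": "file",
     "target": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.ps1"},
    {"id": 3, "host": "WS02", "type": "process",          # admin-run script: no script-host parent, not staged
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"id": 4, "host": "WS02", "type": "registry",         # one persistence hit alone is below the threshold
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"powershell.exe -w hidden -f C:\Users\bob\AppData\Roaming\upd.ps1"},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
    print("alert:", hosts_to_alert(SAMPLE_EVENTS))
```

    On the sample data WS01 trips three stages (script host spawning PowerShell, a staged .ps1 being run, and a .ps1 in the Startup folder) and is alerted on, while WS02 shows only a single Run-key match and stays below the two-rule threshold; lowering `min_rules` to 1 turns the persistence rule into a standalone alert for tuning against your own baseline.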



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-new-malware-really-goes-the-extra-mile-when-it-comes-to-infecting-your-devices


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)