If you haven’t yet heard of a malware strain called ‘Predator the Thief’, it’s something that belongs on your radar.
It first emerged as a threat in July of 2018, when it was used in conjunction with an extensive phishing campaign.
In its original incarnation, it proved more than capable of stealing passwords, browser data, user names and the contents of cryptocurrency wallets. In addition, it was able to access the infected victim’s webcam and take pictures with it, sending everything to a command and control server.
Unfortunately, the group behind the malware has been busy updating it. It’s recently been spotted in the wild with a new set of enhanced capabilities that make it more difficult for antivirus programs to detect its presence.
In addition to that, the hackers have upped their game on the phishing campaign front. This included adding new documents to use as lures to hook the victim into inadvertently installing the malicious code.
The new and improved version of the malware was discovered by Fortiguard Labs, and apparently version 3.3.4 was released on Christmas Eve, 2019.
Although there’s no clear indication as to who is behind the code, a forensic analysis reveals it to be Russian in origin. Fortiguard’s researchers reached this conclusion based on the fact that the malware is specifically designed not to operate in Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, Turkmenistan, Ukraine or Uzbekistan. Those are countries that Russian hackers tend not to target as a rule.
In terms of minimizing the threat that Predator the Thief poses, Fortiguard’s researchers recommend ensuring that macros are disabled by default and that all software (including OS software) is fully patched and up to date. These are, of course, sensible precautions to take when protecting against any threat, so it makes for good advice in general. Stay on your guard. It’s dangerous out there.
Hear from Philipp Baumann, owner and founder of BoomTech: