Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet

TrendAI™ Research analyzed an intrusion where threat actors used the EtherHiding technique to route ClearFake payload delivery through smart contracts on the BNB Smart Chain testnet. The attack chain ended with two simultaneously deployed stealers, SectopRAT and ACRStealer, alongside an on-chain execution tracker that confirmed each victim compromise in real time.

Trend Micro
ISC Diary: #ACRStealer from web page impersonating Claude https://isc.sans.edu/diary/33018

Happy Monday everyone!

The AhnLab, Inc. Security Intelligence Center (ASEC) has been monitoring infostealer malware that is disguised as illegal software and keygens and found that most of the malware that is distributed in this manner has been the #LummaC2 infostealer BUT there has been an increase in distribution of the #ACRStealer as well. What is pretty interesting is the technique they use for C2. In this case they have used Steam, telegra.ph, Google Docs (Form) and Google Docs (Presentation). Enjoy and Happy Hunting!

ACRStealer Infostealer Exploiting Google Docs as C2
https://asec.ahnlab.com/en/86390/

Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

ACRStealer Infostealer Exploiting Google Docs as C2 - ASEC

AhnLab SEcurity intelligence Center (ASEC) monitors the Infostealer malware disguised as illegal programs such as cracks and keygens being distributed, and publishes related trends and changes through the AhnLab TIP and ASEC Blog posts. While the majority of the malware distributed in this manner has been the LummaC2 Infostealer, the ACRStealer Infostealer has seen an […]

ASEC

🚨 New malware alert! #ACRStealer is using Google Docs and Steam to steal credentials, crypto wallets & more. Spread via software cracks! 🔒⚠️

Read: https://hackread.com/hackers-google-docs-steam-drop-acrstealer-infostealer/

#CyberSecurity #Malware #InfoStealer #GoogleDocs #Steam

Hackers Use Google Docs and Steam to Spread ACRStealer Infostealer

Hackread - Latest Cybersecurity, Tech, AI, Crypto & Hacking News