StepDrainer MaaS Platform Targeting Multi-Chain Crypto Wallets and NFT Assets

Pulse ID: 69e84c485f4bea2e54e6321e
Pulse Link: https://otx.alienvault.com/pulse/69e84c485f4bea2e54e6321e
Pulse Author: Tr1sa111
Created: 2026-04-22 04:19:20

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #MaaS #OTX #OpenThreatExchange #bot #Tr1sa111

Baykar'da 2026 mühendis maaşları ne kadar oldu? 🚀

Yeni mezun ve uzman kadrolar için hazırladığımız güncel maaş bantları sitemizde! 👇

#baykar #mühendis #maaş #kariyer #mühendisol

https://www.muhendisol.com/2026-baykar-muhendis-maaslari/?utm_source=mastodon&utm_medium=jetpack_social

StepDrainer MaaS Platform Targeting Multi-Chain Crypto Wallets and NFT Assets

StepDrainer is a Malware-as-a-Service (MaaS) platform engineered to steal digital assets from cryptocurrency wallets, including fungible tokens and high-value NFT collections. The malware supports more than 20 blockchain networks and incorporates multiple draining techniques, particularly abusing ERC-20 token permissions and NFT approval mechanisms.

The platform includes automated asset transfer capabilities, compatibility with widely used mobile wallets, and encrypted logging via Telegram channels for attacker monitoring. StepDrainer is commercially distributed within cybercriminal ecosystems, with pricing models ranging from approximately $750 for full source code access to $150 for a shared version that imposes a 20% commission on successful thefts.

Pulse ID: 69e734af1069d427edf013a9
Pulse Link: https://otx.alienvault.com/pulse/69e734af1069d427edf013a9
Pulse Author: AlienVault
Created: 2026-04-21 08:26:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BlockChain #CyberSecurity #InfoSec #MaaS #Malware #MalwareAsAService #OTX #OpenThreatExchange #RAT #RCE #SMS #Telegram #bot #cryptocurrency #AlienVault

𝗠𝗮𝗮𝘀: '𝗻𝗶𝗲𝘁 𝗵𝗲𝗹𝗱𝗲𝗿' 𝗱𝗮𝘁 𝗡𝗣𝗢 𝘁𝗼𝗰𝗵 𝗴𝗿𝗼𝗼𝘁 𝗺𝗲𝘁 𝘀𝗼𝗻𝗴𝗳𝗲𝘀𝘁𝗶𝘃𝗮𝗹 𝘂𝗶𝘁𝗽𝗮𝗸𝘁

Cornald Maas zet vraagtekens bij het feit dat de NPO en de NOS dit jaar groot uitpakken met het Eurovisie Songfestival, ondanks het feit dat AVROTROS besloten heeft dat Nederland dit jaar niet meedoet. Dat zegt Cornald Maas, jarenlang werkzaam als commentator en lid van de selectiecommissie,...

https://www.rtl.nl/boulevard/artikel/5592334/maas-niet-helder-dat-npo-toch-groot-met-songfestival-uitpakt

#NPO #Songfestival #Maas

Mirax RAT Targeting Android via Meta Platforms

Mirax is an Android RAT and banking malware sold via a restricted MaaS model.

Pulse ID: 69e14ecdb23562115a20a74f
Pulse Link: https://otx.alienvault.com/pulse/69e14ecdb23562115a20a74f
Pulse Author: cryptocti
Created: 2026-04-16 21:04:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #Bank #CyberSecurity #InfoSec #MaaS #Malware #OTX #OpenThreatExchange #RAT #bot #cryptocti

Mirax Trojan Hijacks Android Devices for Proxy Network

Meet Mirax, a sneaky new Android banking trojan that's not only stealing credentials, but also hijacking devices to create a powerful proxy network - putting European users at risk. This emerging malware is a triple threat, combining a malware-as-a-service model, remote access capabilities, and residential proxies to wreak havoc…

https://osintsights.com/mirax-trojan-hijacks-android-devices-for-proxy-network?utm_source=mastodon&utm_medium=social

#AndroidBankingTrojan #EmergingThreats #Malwareasaservice #ResidentialProxies #Maas

💬 Telegram plays an important role in many underground businesses. Threat actors commonly stand up channels to market and support malicious activities such as malware-as-a-service (MaaS) subscriptions. While investigating ScreenConnect servers, a remote access support tool commonly abused by threat actors, we found an interesting business that we had never seen before. This actor used telegram as a storefront and support channel for an underground Remote Access Toolkit Online (RATO) platform. Technically RATO is a service that bundles cPanel and ScreenConnect technology to help its cyber criminal customers remotely access victim machines and manage scams, phishing, and malware (e.g. Latrodectus).

🐀 🔴 We discovered several servers that matched a ScreenConnect signature but these instances did not serve the typical ScreenConnect web content. Instead, their service is called "RATO PLATFORM" and the portal page shows the slogan "Can't catch the RAT__". We've found several telegram channels that promote services named "RATO", use the rat head logo (see attached image), or the domain rato[.]to. Based on their telegram chat content, it's clear their business model is focused on enabling cybercrime.

@rato_support
@ratofaqs
@rato_backup
@rato_hosting
@Rato2_bot

Consistent with RATO’s “BulletProof & Anti-Red Hosting” feature, we saw many RATO instances on ASNs with a high concentration of malicious activity (e.g., AS202412). Additionally, RATO infrastructure shows strong ties to Indonesia including Indonesian IP addresses in passive DNS and domains within the same cloudflare account used for serving online gambling to Indonesian-speaking users. Collectively, RATO and its customers operate a large number of domains. Here are some examples:

asakusubinitohas[.]com
bmw320ikaka[.]co
cpusx[.]com
newoneazu[.]com
ratmail[.]pro
rato[.]page
rato[.]to
ratodemo[.]pro
sesrecipt[.]com
silk-gen[.]com
sunostart[.]com
viewyourstatementonline[.]com

#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #scam #phishing #malware #maas #telegram #indonesia #screenconnect #latrodectus #rat #rmm #remotemonitoringmanagement #downloader #spam #rato