The Tusk Infostealer Lab is a training resource produced by CyberDefenders to educate people about an active online fraud campaign that has been identified by Kaspersky.
The campaign involves stealing cryptocurrency and sensitive information through malware that exploits popular topics such as web3, crypto, AI, and gaming to target individuals worldwide.
Question 1 in the lab involves assessing the size of the malicious file, which can be determined by uploading the hash.txt file from the lab files to VirusTotal.
Other questions in the lab cover parsing the malware binary, checking API behavior, and decoding the C2 domain.
The lab is largely based on JavaScript and runs locally in a browser, with all tasks automated for the user.
The malware is an infostealer clipper, which means it replaces wallet addresses on the victim's clipboard with ones belonging to the attacker.
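As an added, defender-side illustration that is not part of the lab or of Kaspersky's analysis, the following Python sketch shows how a clipboard monitor could flag the swap behaviour described above: a wallet address the user copied is later found replaced by a different address of the same format without any new copy action. It assumes a monitor that records both user-initiated copy events and periodic clipboard reads; the event log and wallet addresses are constructed for the example.

```python
import re

# Wallet address formats to watch (indicative patterns, not exhaustive).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def address_type(text):
    """Return the wallet format a clipboard string matches, or None."""
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return name
    return None


def detect_swaps(events):
    """Flag clipper-style replacements in a clipboard event log.

    events: (timestamp, source, content) tuples, where source is "user" for a
    copy the user performed and "poll" for a background read by the monitor.
    An alert is raised when a polled value differs from the last user copy,
    both are wallet addresses, and both are of the same format.
    """
    alerts = []
    last_user_copy = None
    for ts, source, content in events:
        if source == "user":
            last_user_copy = content  # a new copy legitimately changes the clipboard
            continue
        if last_user_copy is None or content == last_user_copy:
            continue
        orig_type = address_type(last_user_copy)
        if orig_type and address_type(content) == orig_type:
            alerts.append((ts, orig_type, last_user_copy, content))
    return alerts


# Constructed event log: the ETH address is replaced at t=3 with no copy event.
SAMPLE_EVENTS = [
    (1, "user", "0x1111111111111111111111111111111111111111"),
    (2, "poll", "0x1111111111111111111111111111111111111111"),
    (3, "poll", "0x2222222222222222222222222222222222222222"),
    (4, "user", "meeting notes"),
    (5, "poll", "meeting notes"),
    (6, "user", "bc1qexampleaddressexampleaddressexample000"),
    (7, "poll", "bc1qexampleaddressexampleaddressexample000"),
]

if __name__ == "__main__":
    for alert in detect_swaps(SAMPLE_EVENTS):
        print("possible clipper swap:", alert)
```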
The best way to avoid such attacks is to educate users about the threats and how to spot them, and to keep all antivirus definitions up to date.