DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt
Summary
The DarkCloud information stealer is being distributed through a multi-stage attack chain that begins with a phishing email carrying a PDF; the PDF links to a file-sharing service, which serves a RAR archive containing an AutoIt-compiled executable.
Upon execution, this AutoIt binary runs several obfuscated routines and downloads a second executable, which is the final DarkCloud Stealer payload.
This payload is a data-stealing malware that captures sensitive browser data like credit card information, login credentials, and personal data.
This analysis highlights the intricacies of this campaign, along with methods for detection and prevention.
You can also review the associated bear book here.
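The chain above hinges on an AutoIt-compiled executable as the first-stage dropper. As an added triage example (not code from the original analysis), the following flags a PE image that carries the public markers AutoIt leaves in compiled binaries: the interpreter stub's "third-party compiled AutoIt script" string and the `AU3!EA06` tag that precedes the embedded script. The sample buffers are constructed, not DarkCloud artifacts.

```python
"""Triage helper: flag a PE file that carries an AutoIt compiled script.

Markers used (both are public strings found in AutoIt-built executables):
  - the interpreter stub's message "This is a third-party compiled AutoIt script."
  - the compiled-script tag "AU3!EA06" (older builds use "AU3!EA05") that
    precedes the embedded script blob
"""
from pathlib import Path

STUB_STRING = b"This is a third-party compiled AutoIt script."
SCRIPT_TAGS = (b"AU3!EA06", b"AU3!EA05")


def classify_autoit(data: bytes) -> dict:
    """Return a small verdict dict for an in-memory file image."""
    verdict = {
        "is_pe": data[:2] == b"MZ",          # DOS header magic
        "has_stub_string": STUB_STRING in data,
        "script_tag": None,                 # which AU3! tag was seen, if any
        "script_tag_offset": None,          # where the embedded script starts
    }
    for tag in SCRIPT_TAGS:
        off = data.find(tag)
        if off != -1:
            verdict["script_tag"] = tag.decode()
            verdict["script_tag_offset"] = off
            break
    # Either marker on its own is a strong hint; require a PE header so that
    # a stray string in a text file does not trigger the verdict.
    verdict["likely_autoit_compiled"] = verdict["is_pe"] and (
        verdict["has_stub_string"] or verdict["script_tag"] is not None
    )
    return verdict


def classify_autoit_file(path: str) -> dict:
    """Convenience wrapper for scanning a file on disk."""
    return classify_autoit(Path(path).read_bytes())


# Constructed sample images (not real malware): a minimal MZ/PE-like stub with
# the AutoIt markers embedded, and a similar buffer without them.
SAMPLE_AUTOIT = (b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 40
                 + STUB_STRING + b"\x00" * 8 + b"AU3!EA06" + b"\x01\x02")
SAMPLE_BENIGN = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 64

if __name__ == "__main__":
    for name, blob in (("constructed_autoit", SAMPLE_AUTOIT),
                       ("constructed_benign", SAMPLE_BENIGN)):
        print(name, classify_autoit(blob))
```

Treat a positive verdict as a reason to pull the sample into a sandbox and watch for the second-stage download the text describes, not as proof of DarkCloud by itself.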