Bitcoin Forum

Other => Beginners & Help => Topic started by: Dave1 on February 10, 2023, 08:52:00 AM



Title: [Warning]: Enigma Info stealer
Post by: Dave1 on February 10, 2023, 08:52:00 AM
A new info stealer is being released in the wild by Russian threat actors that uses fake crypto-related job offerings.

Here is the attack chain:

https://talkimg.com/images/2023/11/18/Fz26a.png

So they will send 2 files on the pretext that they are looking for someone to hire.

a. Interview questions.txt
b. Interview conditions.word.exe - so this is the first attack, as it contains the loader. Once it is installed on your machine, it will download the second payload.

The 3rd and final stage is the Enigma Stealer

Quote
Enigma targets system information, tokens, and passwords stored in web browsers like Google Chrome, Microsoft Edge, Opera, and more. Additionally, it targets data stored in Microsoft Outlook, Telegram, Signal, OpenVPN, and other apps.

So if you receive such emails, do not open them, especially if you use your machine for your crypto activity, as it might steal all your info like logins and passwords.

https://www.trendmicro.com/en_us/research/23/b/enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs.html


Title: Re: [Warning]: Enigma Info stealer
Post by: cryptoaddictchie on February 10, 2023, 09:41:37 AM
Thanks for warning us. Meaning even just by opening the file from the email, it could already start downloading and have a chance to steal your crypto from an app or software wallets?


Title: Re: [Warning]: Enigma Info stealer
Post by: 348Judah on February 10, 2023, 01:04:27 PM
If people could heed the warnings and instructions always given here: the device you use for handling your wallet should not be the one you use often for browsing or that is connected to the internet. Using a wallet like Electrum should be done on an air-gapped device not connected to the internet, to avoid any form of malicious attack that might be intended to steal our password, other login details or wallet keys.


Title: Re: [Warning]: Enigma Info stealer
Post by: Lucius on February 10, 2023, 02:52:23 PM
Quote from: cryptoaddictchie on February 10, 2023, 09:41:37 AM
Thanks for warning us. Meaning even just by opening the file from the email, it could already start downloading and have a chance to steal your crypto from an app or software wallets?

If you open the exe file and install that malicious program, then without any doubt you have infected your device and enabled the attacker to carry out the final stage, which consists of collecting all the important information you store on the computer and sending it to the hacker. Just opening any e-mail will not do any harm, although some e-mail providers/clients will not even allow sending exe files, precisely to prevent the possibility of malicious attacks.


Title: Re: [Warning]: Enigma Info stealer
Post by: Woodie on February 10, 2023, 04:10:52 PM
With how crafty people are becoming just to score some free coins, I think the best practice to protect our data and crypto coins is not to open any attachments from email addresses that are unfamiliar/unknown to us.
With techniques such as steganography, sometimes it's not so obvious what's behind an attachment...


This reminds me, Google Drive seems to be another place these guys are really trying to explore, by sending out messages that have these macro scripts that auto-run once the link in the message is opened on a PC and start to copy out private keys and the like... we really need to be careful out here in the digital space.


Title: Re: [Warning]: Enigma Info stealer
Post by: rat03gopoh on February 10, 2023, 04:38:46 PM
Quote from: cryptoaddictchie on February 10, 2023, 09:41:37 AM
Thanks for warning us. Meaning even just by opening the file from the email, it could already start downloading and have a chance to steal your crypto from an app or software wallets?

Attacks don't happen automatically (the app will be installed after download). AFAIK, Android also has a default setting to prevent app installation from outside the store. The attacker has to make every pretext in the first file sent with the .txt extension so that the victim disables security and installs the app; then the attack begins.


Title: Re: [Warning]: Enigma Info stealer
Post by: khaled0111 on February 10, 2023, 11:04:23 PM
Quote from: rat03gopoh on February 10, 2023, 04:38:46 PM
Attacks don't happen automatically (the app will be installed after download). AFAIK, Android also has a default setting to prevent app installation from outside the store. The attacker has to make every pretext in the first file sent with the .txt extension so that the victim disables security and installs the app; then the attack begins.

That's correct, you need to execute the file by double-clicking on it so it can download the payload. You need to be very cautious and check the extension of the file before opening it. In this example, it's supposed to be a Word text file, so it's supposed to end with .doc or .docx, not .word.exe.

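The double-extension trick in this thread ("Interview conditions.word.exe") works because Windows Explorer hides known extensions by default, so the victim sees "Interview conditions.word". The following is an added example (not code from the original post or from the Trend Micro write-up) showing how a mail gateway or a cautious user script can catch such attachments: it flags a name whose real extension is executable while an earlier token pretends to be a document, flags the Unicode right-to-left override used to reverse a visible extension, and compares the claimed extension against the file's magic bytes so that a PE file renamed to .docx is caught too. The extension lists, the sample attachment names and the sample bytes are constructed for the example.

```python
import re
from typing import NamedTuple

# Extensions Windows runs directly on double-click (a representative subset, chosen for this example).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "msi", "lnk", "ps1"}
# Extensions a recipient expects on an "interview document".
DOCUMENT_EXTS = {"txt", "doc", "docx", "pdf", "rtf", "odt", "xls", "xlsx"}
# Words attackers splice into a name so it reads like a document ("word" in .word.exe is not an extension).
DOCUMENT_WORDS = {"word", "document", "pdf", "excel", "doc", "text"}

# File signatures (magic bytes) for the types that matter here.
MAGIC = {
    b"MZ": "exe",                # PE / DOS executable header
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",        # .docx / .xlsx are ZIP containers
    b"\xd0\xcf\x11\xe0": "ole",  # legacy .doc / .xls compound file
}

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE: "photo\u202egpj.exe" renders as "photoexe.jpg"


class Verdict(NamedTuple):
    filename: str
    suspicious: bool
    reasons: tuple


def sniff_type(data: bytes) -> str:
    """Return the content type implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def inspect_attachment(filename: str, data: bytes = b"") -> Verdict:
    """Flag an attachment whose name or content disguises an executable."""
    reasons = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    inner = parts[1:-1]  # tokens between the base name and the real extension

    if ext in EXECUTABLE_EXTS:
        reasons.append(f"real extension .{ext} is executable")
        if any(t in DOCUMENT_EXTS or t in DOCUMENT_WORDS for t in inner):
            reasons.append("document-looking token precedes the executable extension (double extension)")
    if RLO in filename:
        reasons.append("name contains a right-to-left override character")
    if data:
        kind = sniff_type(data)
        if kind == "exe" and ext not in EXECUTABLE_EXTS:
            reasons.append(f"content is a PE executable but the name claims .{ext}")
    return Verdict(filename, bool(reasons), tuple(reasons))


def scan_attachments(attachments) -> list:
    """Return the names of every attachment that should be quarantined."""
    return [v.filename for v in (inspect_attachment(n, d) for n, d in attachments) if v.suspicious]


if __name__ == "__main__":
    # Constructed sample mail: the two lures from the thread plus two extra cases.
    sample = [
        ("Interview questions.txt", b"1. Tell us about your crypto experience\n"),
        ("Interview conditions.word.exe", b"MZ\x90\x00" + b"\x00" * 60),
        ("resume.docx", b"MZ\x90\x00" + b"\x00" * 60),        # renamed PE file
        ("offer.docx", b"PK\x03\x04" + b"\x00" * 26),        # genuine OOXML container
    ]
    for name, data in sample:
        v = inspect_attachment(name, data)
        print(f"{name!r}: {'QUARANTINE' if v.suspicious else 'ok'} {list(v.reasons)}")
```

The name check alone catches the lure in this thread; the magic-byte check is what catches the reverse case, where the attacker keeps a harmless-looking extension and relies on a second stage or a user "open with" to run it. Turning off "Hide extensions for known file types" in Explorer removes the visual trick for the end user, but a gateway check like this does not depend on the user noticing.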

Title: Re: [Warning]: Enigma Info stealer
Post by: Saisher on February 10, 2023, 11:50:32 PM
Quote from: khaled0111 on February 10, 2023, 11:04:23 PM
Quote from: rat03gopoh on February 10, 2023, 04:38:46 PM
Attacks don't happen automatically (the app will be installed after download). AFAIK, Android also has a default setting to prevent app installation from outside the store. The attacker has to make every pretext in the first file sent with the .txt extension so that the victim disables security and installs the app; then the attack begins.
That's correct, you need to execute the file by double-clicking on it so it can download the payload. You need to be very cautious and check the extension of the file before opening it. In this example, it's supposed to be a Word text file, so it's supposed to end with .doc or .docx, not .word.exe.


This is the reason why I create another email for communication. I receive a lot of emails with docs and PDFs followed by .exe, which is executable. I am educated enough to delete any emails with .exe attachments; they send these emails with very compelling titles in the headers.
The rule of thumb is never to entertain emails coming from an unknown source, even if the title is very attractive to open; these hackers are good at marketing their malware, so always watch out for attachments with .exe on them.