A new report has surfaced about a new malware called "Saint Bot". It is a downloader, paired with a password stealer, "Taurus Stealer".
Saint Bot is a downloader that appeared quite recently and is slowly gaining momentum. It was seen dropping stealers (e.g. Taurus Stealer, or a simple AutoIt-based stealer) as well as further loaders (example). Yet its design allows it to be used to distribute any kind of malware. Although it does not currently appear to be widespread, there are indications that it is being actively developed. Furthermore, Saint Bot employs a wide variety of techniques which, although not novel, indicate some level of sophistication considering its relatively recent appearance.
So how is it distributed? Through a phishing email with an attached "bitcoin.zip" file. It sounds harmless, and you could fall for this trick, as you might think this is a bitcoin wallet file.
So if any of you receive this kind of phishing email, delete it immediately.
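For anyone triaging a mailbox, here is a sketch for the lure described above, added as an example and not taken from the report: it flags zip attachments named bitcoin.zip in a raw message and compares the SHA-256 of the attachment and of each archive member with the hash in the VirusTotal link on this page. The function names, size limit and sample message are constructed for illustration, and the page does not state which file that hash identifies.

```python
import hashlib, io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# SHA-256 from the VirusTotal link on this page. The page does not say which
# file it identifies, so it is checked against the attachment and its members.
PAGE_SHA256 = "63d7b35ca907673634ea66e73d6a38486b0b043f3d511ec2d2209597c7898ae8"
LURE_NAME = "bitcoin.zip"          # attachment name given on this page
MAX_MEMBER = 50 * 1024 * 1024      # assumed cap so a zip bomb is never unpacked

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def triage(raw: bytes) -> list:
    """Return one finding per zip attachment in a raw RFC 5322 message."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        data = part.get_payload(decode=True) or b""
        # Trust the zip magic bytes as well as the name: senders can rename files.
        if not (name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04"):
            continue
        finding = {"attachment": name, "lure_name": name.lower() == LURE_NAME,
                   "hash_match": sha256(data) == PAGE_SHA256, "members": []}
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    finding["members"].append(info.filename)
                    encrypted = bool(info.flag_bits & 0x1)
                    if encrypted or info.is_dir() or info.file_size > MAX_MEMBER:
                        continue  # list the member, but do not read it
                    if sha256(zf.read(info)) == PAGE_SHA256:
                        finding["hash_match"] = True
        except zipfile.BadZipFile:
            finding["members"] = None  # named like a zip but does not parse
        findings.append(finding)
    return findings

def build_sample() -> bytes:
    """Constructed sample: a harmless zip that only reuses the lure's file name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed test content")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "wallet"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Bitcoin.ZIP")
    return msg.as_bytes()
```

A name match alone (`lure_name`) is only a reason to look closer; `hash_match` is the stronger signal.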
VirusTotal:
https://www.virustotal.com/gui/file/63d7b35ca907673634ea66e73d6a38486b0b043f3d511ec2d2209597c7898ae8/detection
For details:
https://blog.malwarebytes.com/threat-analysis/2021/04/a-deep-dive-into-saint-bot-downloader/