[Warning]: Enigma Info stealer

[Dave1]

A new info stealer is being released by Russian threat actors in the wild that uses fake crypto related jobs offerings.

Here is the attack chain:



So they will send 2 files on the pretext that they are looking for someone and hire them.

a. Interview questions.txt
b. Interview conditions.word.exe - so this is the first attack as it contains the loader. So once it is installed on your machine, and it will download the second pay loader.

The 3rd and final stage is the Enigma Stealer

Enigma targets system information, tokens, and passwords stored in web browsers like Google Chrome, Microsoft Edge, Opera, and more. Additionally, it targets data stored in Microsoft Outlook, Telegram, Signal, OpenVPN, and other apps.

So if you received some emails, then do not open specially if you used your machine for your crypto activity as it might stole all your info like logins, passwords.

https://www.trendmicro.com/en_us/research/23/b/enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs.html

[cryptoaddictchie]

Thanks for warning us. Meaning even just by opening the file from the email it could start downloading already  and chance to steal your crypto from an app or software wallets?

[348Judah]

If people can yield to the warnings and instructions always given from here that the device you use handling your wallet through should not be the one you use often for browsing or tht is connected to the internet, using a wallet like electrum should be on an airgapped device not connected to the internet to avoid any form of malicious attack that might be inteded on stealing our password or other login details or wallet keys.

[Lucius]

Thanks for warning us. Meaning even just by opening the file from the email it could start downloading already  and chance to steal your crypto from an app or software wallets?

If you open the exe file and install that malicious program, then without any doubt you have infected your device and enabled the attacker to do the final stage, which consists of collecting all the important information you store on the computer and sending it to the hacker. Just opening any e-mail will not do any harm, although some e-mail providers/clients will not even allow sending exe files precisely to prevent the possibility of malicious attacks.

[Woodie]

With how crafty people are becoming just to score some free coins, I think the best practice to protect our data and crypto coins is not to open any attachments from email addresses that are unfamiliar/unknown to us.
With techniques such as steganography, sometimes its not so obvious what's behind an attachment...

This reminds me, google drive seems to be another place these guys are really trying to explore by sending out messages that have these macros scripts that auto run once their link in the message is opened on a pc starts to copy out private keys and the alike...we really need t be careful out here in the digital space.

[rat03gopoh]

Thanks for warning us. Meaning even just by opening the file from the email it could start downloading already  and chance to steal your crypto from an app or software wallets?

Attacks don't happen automatically (app will be installed after download). Afaik, android also has a default setting to prevent app installation from outside the store. The attacker has to make every pretext in the first file sent with the .txt extension so that the victim disables security and installs the app, then the attack begins.

[khaled0111]

Attacks don't happen automatically (app will be installed after download). Afaik, android also has a default setting to prevent app installation from outside the store. The attacker has to make every pretext in the first file sent with the .txt extension so that the victim disables security and installs the app, then the attack begins.

That's correct, you need to execute the file by double clicking on it so it can download the payload. You need to be very cautious and check the extension of the file before opening it. In this example, it's supposed to be a word text file so it's supposed to end with .doc or .docx not .word.exe

[Saisher]

Attacks don't happen automatically (app will be installed after download). Afaik, android also has a default setting to prevent app installation from outside the store. The attacker has to make every pretext in the first file sent with the .txt extension so that the victim disables security and installs the app, then the attack begins.

That's correct, you need to execute the file by double clicking on it so it can download the payload. You need to be very cautious and check the extension of the file before opening it. In this example, it's supposed to be a word text file so it's supposed to end with .doc or .docx not .word.exe

This is the reason why I create another email for communication I received a lot of emails with docs and pdf followed by .exe which is executable, I am educated enough to delete any emails with .exe attachments, they send these emails with very compelling titles on the headers.
The rule of thumb is never to entertain emails coming from an unknown source even if the title is very attractive to open, these hackers are good at marketing their malware, and always watch out for attachments with .exe on it.