
A New Threat to Financial Institutions in Cyberspace: OCX#HARVESTER Campaign

Jun 5, 2023
Esme Greene

During the attack, cybercriminals imitate icons used in Windows and deliver malware to targeted systems.

Security specialists from Securonix uncovered a new campaign named “OCX#HARVESTER” that disseminates the “More_eggs” backdoor and other infections.

The More_eggs malware was observed in attacks between December 2022 and March 2023. The campaign is believed to be still active, as the cybercriminals look for fresh targets and new distribution techniques.

Securonix claims that the OCX#HARVESTER campaign is aimed at the financial industry, specifically cryptocurrency.

The infection process starts with phishing emails that contain a malicious ZIP bundle, which downloads two LNK shortcuts. The LNK shortcuts appear to be “Windows Image Resource” WIM files with a library of file and folder icons, but they are actually JPEG files that have been altered to look like the shortcuts.

Once executed, the downloaded files upload more malicious files that release More_eggs (TerraLoader). Additionally, the hackers attempt to obtain and install the SharpChrome extension, which they claim can be used to steal cookies and, in certain situations, Chrome login information.

Researchers connected the campaign to the APT group FIN6 based on the victims and the operating method of the “More_eggs” malware. The experts did note, however, that the Cobalt and Evilnum groups had also used the backdoor. The analysts added that the present campaign is comparable to the “PY#RATION” campaign that was identified earlier this year.

To evade detection, the More_eggs malware kit is regularly updated. Companies are warned not to interact with any file attachments, particularly those that arrive unexpectedly from other entities or from an unidentified source, as modifications and novel routes of attack in the campaign are still being observed.
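A defender-side check for the delivery stage described above, added here as an illustration and not taken from Securonix or from this article: it triages a ZIP attachment by content rather than by file name, flagging Shell Link (LNK) entries and entries whose name and leading bytes disagree. The sample archive and its file names are constructed; the LNK header bytes follow the MS-SHLLINK format.

```python
import io
import zipfile

# Shell Link (.lnk) header per MS-SHLLINK: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
JPEG_MAGIC = b"\xff\xd8\xff"
IMAGE_EXTS = {".jpg", ".jpeg"}

def sniff(head: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if head.startswith(LNK_MAGIC):
        return "lnk"
    if head.startswith(JPEG_MAGIC):
        return "jpeg"
    return "other"

def triage_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, finding) for entries worth an analyst's attention."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                kind = sniff(fh.read(len(LNK_MAGIC)))
            name = info.filename.lower()
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            if kind == "lnk":
                # A shortcut inside a mail attachment is suspicious whatever it is named.
                findings.append((info.filename, "shell link in archive"))
            elif ext == ".lnk":
                findings.append((info.filename, ".lnk name, content is " + kind))
            elif ext in IMAGE_EXTS and kind != "jpeg":
                findings.append((info.filename, "image name, content is " + kind))
    return findings

def build_sample() -> bytes:
    """Constructed sample archive; no real campaign file is reproduced."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("statement.jpg.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("scan.jpg", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("icon.lnk", JPEG_MAGIC + b"\xe0" + b"\x00" * 16)
        zf.writestr("photo.jpg", JPEG_MAGIC + b"\xe0" + b"\x00" * 16)
    return buf.getvalue()

if __name__ == "__main__":
    for name, why in triage_zip(build_sample()):
        print(f"{name}: {why}")
```

Because Windows hides the `.lnk` extension in Explorer, a name such as `statement.jpg.lnk` displays as `statement.jpg`, which is why the check keys on the header bytes.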