Once the HTA script, a standalone Windows program written in HTML, is executed, it launches PowerShell code that ultimately establishes C2 and downloads decoy PDF files for evasion along with a malicious shell injector.
“These files aim to inject the final stealer into legitimate processes, initiating malicious activities and sending the stolen data back to a C2 server,” Fortinet added.
The target applications for the observed stealer included web browsers, crypto wallets, messengers, email clients, VPN services, password managers, AnyDesk, and MySQL Workbench, among many others.