This analysis covers malware campaigns linked to Proton66, in particular campaigns that target Android devices through compromised WordPress websites. The threat actors placed redirector scripts on the compromised sites to steer visitors from selected countries to pages mimicking the Google Play Store. A separate XWorm campaign targeted Korean-speaking users through fake investment chat rooms, Strela Stealer targeted email clients in German-speaking countries, and WeaXor ransomware, a revised version of Mallox, was also observed. The report details the infection chains, provides IOCs, and recommends blocking the CIDR ranges associated with Proton66 and Chang Way Technologies to reduce exposure.
Author: AlienVault
Related Tags:
proton66
WeaXor
Strela Stealer
T1059.005
T1566.001
Switzerland
WordPress
France
Austria
Associated Indicators:
7D1DE2F4AB7C35B53154DC490AD3E7AD19FF04CFAA10B1828BEBA1FFADBAF1AB
7F2319F4E340B3877E34D5A06E09365F6356DE5706E7A78E367934B8A58ED0E7
40B75AA3C781F89D55EBFF1784FF7419083210E01379BEA4F5EF7E05A8609C38
D682D5AFBBBD9689D5F30DB8576B02962AF3C733BD01B8F220FF344A9C00ABFD
A2F0E6F9C5058085EAC1C9E7A8B2060B38FD8DBDCBA2981283A5E224F346E147
91811E7A269BE50AD03632E66A4A6E6B17B5B9B6D043B5AC5DA16D5021DE8DDB
4DB2FA8E019CF499B8E08E7D036B68926309905EB1D6BB3D5466E551AC8D052E
C7207893A06A56F8F682E33FD32DC04700885317
776E7064D6F340044AD6E275DDA1479EC12C0FFA
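The following triage helper is an added example and is not part of the original AlienVault pulse. It checks file contents or logged digests against the SHA256 and SHA1 indicators listed above (case-insensitively, since OTX publishes upper-case hex and most tooling emits lower-case), and checks IP addresses found in log lines against a CIDR blocklist. The pulse text does not reproduce the Proton66 or Chang Way Technologies prefixes, so the CIDR ranges in the block are constructed placeholders taken from the RFC 5737 documentation ranges; replace them with the ranges from the full report. The sample log lines are constructed as well.

```python
"""Added example (not from the pulse): match files, digests and log IPs
against the pulse's indicators and a CIDR blocklist.

Assumptions: the hash indicators are the ones listed in the pulse; the
CIDR ranges are RFC 5737 documentation prefixes used as placeholders.
"""
import hashlib
import ipaddress
import os
import re
from typing import Dict, Iterable, Iterator, List, Optional, Tuple

# Indicators copied from the pulse, normalised to lower case for lookup.
PULSE_HASHES = {h.lower() for h in (
    "7D1DE2F4AB7C35B53154DC490AD3E7AD19FF04CFAA10B1828BEBA1FFADBAF1AB",
    "7F2319F4E340B3877E34D5A06E09365F6356DE5706E7A78E367934B8A58ED0E7",
    "40B75AA3C781F89D55EBFF1784FF7419083210E01379BEA4F5EF7E05A8609C38",
    "D682D5AFBBBD9689D5F30DB8576B02962AF3C733BD01B8F220FF344A9C00ABFD",
    "A2F0E6F9C5058085EAC1C9E7A8B2060B38FD8DBDCBA2981283A5E224F346E147",
    "91811E7A269BE50AD03632E66A4A6E6B17B5B9B6D043B5AC5DA16D5021DE8DDB",
    "4DB2FA8E019CF499B8E08E7D036B68926309905EB1D6BB3D5466E551AC8D052E",
    "C7207893A06A56F8F682E33FD32DC04700885317",
    "776E7064D6F340044AD6E275DDA1479EC12C0FFA",
)}

# Placeholder blocklist (RFC 5737 documentation prefixes). Substitute the
# Proton66 / Chang Way Technologies CIDR ranges from the report.
BLOCKED_CIDRS = [ipaddress.ip_network(c) for c in (
    "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24",
)]

_HEX_DIGEST = re.compile(r"[0-9a-f]{40}|[0-9a-f]{64}")
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def file_hashes(data: bytes) -> Dict[str, str]:
    """SHA1 and SHA256 of a byte string, matching the two digest types in the pulse."""
    return {
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(data: bytes) -> Optional[str]:
    """Return the algorithm whose digest of `data` is a pulse indicator, else None."""
    for algo, digest in file_hashes(data).items():
        if digest in PULSE_HASHES:
            return algo
    return None


def match_indicator(value: str) -> Optional[str]:
    """Classify a digest string (e.g. from EDR or mail-gateway logs) against the pulse.

    Returns "sha1" or "sha256" on a hit, None for non-hex input or no match.
    """
    v = value.strip().lower()
    if not _HEX_DIGEST.fullmatch(v) or v not in PULSE_HASHES:
        return None
    return "sha1" if len(v) == 40 else "sha256"


def scan_directory(root: str) -> Iterator[Tuple[str, str]]:
    """Yield (path, algorithm) for every file under `root` whose digest is an indicator."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    hit = match_hashes(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if hit:
                yield path, hit


def blocked_ips(log_lines: Iterable[str]) -> List[str]:
    """Return the distinct IPv4 addresses in `log_lines` that fall inside a blocked CIDR."""
    hits: List[str] = []
    for line in log_lines:
        for raw in _IPV4.findall(line):
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                continue  # e.g. "999.1.1.1": matches the regex but is not an address
            if any(ip in net for net in BLOCKED_CIDRS) and raw not in hits:
                hits.append(raw)
    return hits


# Constructed sample firewall log, not from the report.
SAMPLE_LOG = [
    "2025-04-20T10:01:02Z ALLOW src=192.0.2.45 dst=10.0.0.5 dport=443",
    "2025-04-20T10:01:03Z ALLOW src=10.0.0.17 dst=8.8.8.8 dport=53",
    "2025-04-20T10:01:04Z ALLOW src=203.0.113.9 dst=10.0.0.5 dport=80",
]

if __name__ == "__main__":
    print("blocked sources:", blocked_ips(SAMPLE_LOG))
    print("indicator check:", match_indicator("c7207893a06a56f8f682e33fd32dc04700885317"))
```

Run `scan_directory` over a mail-attachment quarantine or a download folder to find files matching the listed hashes; feed firewall or proxy logs to `blocked_ips` to confirm the CIDR block is being enforced, since a hit in the log after the rule is deployed means the rule is not where the traffic actually egresses.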