Blitz is a new Windows-based malware discovered in 2024 consisting of a downloader and bot payload. The latest version was spread through backdoored game cheats for Standoff 2 distributed via Telegram. Blitz abuses Hugging Face Spaces to host components of its C2 infrastructure and payloads. The malware performs information stealing and DDoS attacks. An XMRig cryptocurrency miner was also deployed as follow-up malware. By May 2025, the developer claimed to have abandoned the project. Russia accounted for the highest number of infections among 289 victims across 26 countries. Palo Alto Networks customers are protected through various security products and services.

Author: AlienVault
Related Tags:
hugging face
blitz
cryptocurrency mining
T1497.001
T1573.001
information stealing
T1132.001
T1056.001
XMRig
Associated Indicators: