A massive SmartLoader malware distribution campaign has been discovered that uses GitHub repositories masquerading as legitimate projects. These repositories focus on topics like game cheats, software cracks, and automation tools to attract users. The malware is distributed as compressed files containing a legitimate Lua loader executable, a malicious batch file, and an obfuscated Lua script. Once executed, SmartLoader establishes persistence, sends system information to a C2 server, and downloads additional payloads. The malware has been observed downloading InfoStealer malware such as Rhadamanthys, Redline, and Lumma Stealer. Users are advised to download software only from official sources and to carefully verify the credibility of GitHub repositories before use.
Author: AlienVault
Related Tags:
software-cracks
game-cheats
SmartLoader
T1588.001
T1059.006
T1053.005
c2
T1132.001
T1056.001
Associated Indicators:


