"Threat Actor Uses Multiple Infostealers in Global Campaign"

Cisco's Talos is warning that a threat actor has been using multiple information stealers to harvest credentials and financial data from users worldwide. The threat actor is called CoralRaider and has been active since at least 2023. The threat actor is likely of Vietnamese origin and was previously seen targeting users in various Asian countries. The researchers warned of CoralRaider's use of a customized variant of QuasarRAT dubbed RotBot and the XClient stealer to target financial and login information and steal social media accounts, including business and advertising accounts. The researchers noted that since February 2024, the threat actor has been targeting users worldwide with a combination of three information stealers, namely Cryptbot, LummaC2, and Rhadamanthys. The attacks have been targeting individuals in Ecuador, Egypt, Germany, Japan, Nigeria, Norway, Pakistan, the Philippines, Poland, Syria, Turkey, the UK, and the US, with some of them identified as users of computer service call center organizations in Japan and civil defense service organizations in Syria.

SecurityWeek reports: "Threat Actor Uses Multiple Infostealers in Global Campaign"