"Hackers Use New PowerMagic and CommonMagic Malware to Steal Data"

Researchers have discovered attacks by a sophisticated threat actor involving a previously unknown malicious framework called CommonMagic and a new backdoor called PowerMagic. Since at least September 2021, both pieces of malware have been used in ongoing espionage operations against organizations in the administrative, agriculture, and transportation sectors. According to the researchers, the attackers are interested in gathering data from victims in Donetsk, Lugansk, and Crimea. Once inside a victim's network, the operators of the CommonMagic espionage campaign can use different plugins to steal documents and files from USB devices. The malware can also take screenshots every three seconds using the Windows Graphics Device Interface (GDI) Application Programming Interface (API). The researchers suspect that spear phishing or a similar technique was used to deliver a URL pointing to a ZIP archive that contains a malicious LNK file. This article continues to discuss CommonMagic and PowerMagic.

Bleeping Computer reports "Hackers Use New PowerMagic and CommonMagic Malware to Steal Data"