"New Malware Campaign Leveraging Satacom Downloader to Steal Cryptocurrency"

A new malware campaign uses the Satacom downloader as a channel for distributing stealthy malware that can steal cryptocurrency via a malicious browser extension for Chromium-based browsers. The malware dropped by the Satacom downloader primarily aims to steal BTC from the victim's account through web injections into cryptocurrency-specific websites. The campaign's primary targets are Coinbase, Bybit, KuCoin, Huobi, and Binance users, mainly located in Brazil, Algeria, Turkey, Vietnam, Indonesia, India, Egypt, and Mexico. The Satacom downloader, also known as Legion Loader, first emerged in 2019 as a dropper for next-stage payloads, such as information stealers and cryptocurrency miners. The infection chain starts with users searching for cracked software and being redirected to fraudulent websites hosting ZIP archives containing the malware. According to researchers, different types of websites are used to spread the malware. Some of the malicious websites have a hardcoded download link, whereas others inject the 'Download' button via a legitimate advertising plugin. This article continues to discuss the malware campaign found to be leveraging the Satacom downloader to steal cryptocurrency.

THN reports "New Malware Campaign Leveraging Satacom Downloader to Steal Cryptocurrency"

Submitted by Anonymous on