Vector

2023-02-12


Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency ... (Internet)

Russian threat actors are targeting Eastern European crypto users with fake job opportunities to install the information-stealing malware Enigma Stealer.

The ongoing malware campaign, active since July 2022, is directed against mobile users in Taiwan, Thailand, and Indonesia.

The adoption of this modus operandi by Russian threat actors "demonstrates a persistent and lucrative attack vector."

The malware, like other stealers, comes with features to harvest sensitive information, record keystrokes, and capture screenshots, all of which is exfiltrated back by means of Telegram.

[much of the spike](https://thehackernews.com/2023/02/north-korean-hackers-exploit-unpatched.html) attributed to North Korean state-sponsored hacking crews.

[PixPirate](https://thehackernews.com/2023/02/pixpirate-new-android-banking-trojan.html) to incorporate such workflow IDEs.

[said](https://www.trendmicro.com/en_us/research/23/b/tgtoxic-malware-targets-southeast-asia-android-users.html). "This approach allows the attacker to continuously update and eliminates reliance on fixed file names."

[Microsoft's attempts to close the loophole](https://thehackernews.com/2023/02/post-macro-world-sees-rise-in-microsoft.html).

The intricate infection journey starts with a rogue RAR archive file that's distributed via phishing or social media platforms.

[North Korea-backed](https://thehackernews.com/2022/08/north-korea-hackers-spotted-targeting.html) [Lazarus Group](https://thehackernews.com/2022/09/north-koreas-lazarus-hackers-targeting.html) in its attacks targeting the crypto sector.

[added](https://thehackernews.com/2023/02/cisa-warns-of-active-attacks-exploiting.html) the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

[said](https://www.trendmicro.com/en_us/research/23/b/enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs.html) in a report this week.
