
Topic: Atlantida Malware - a new crypto info stealer in the wild (Read 67 times)

legendary
Activity: 2212
Merit: 7064
Another .exe file wind0ws malware, and I see they are using crap closed source wallets like atomic, guarda and exodus to steal crypto.
Simple solution is to make a switch to good linux OS and most of the malware problems will be gone forever.
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
The first attack vector is to let unsuspecting victims to download a .hta file from a compromised website. And this is due to the fact that there are vulnerabilities in MSHTML Platform Spoofing Vulnerability, known as CVE-2024-38112

Oof. At first I thought "Well, who uses Internet Explorer nowadays anyway" but then I stumbled across this nugget:

And Microsoft doesn't seem to care unless you are an enterprise customer.

Bold of you to assume that Microsoft cares about its enterprise customers ;)
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Another Windows vulnerability.

I can't say I'm surprised.

Windows has all sorts of obsolete items that are buried inside their codebase in all versions, even newer versions, making them 1000x more vulnerable than Macs and Linux computers.

And Microsoft doesn't seem to care unless you are an enterprise customer. It's always "backward compatibility" and not ripping the stuff out like Apple or Linux devs would do.

.MHTML is an obsolete format, it should've been buried 10 years ago when JS frameworks became popular.
hero member
Activity: 2842
Merit: 772
There is a new info stealer in the wild called Atlantida. What it does is trick users into downloading malware-laden files from compromised sites. The first attack vector is to get unsuspecting victims to download a .hta file from a compromised website, and this works because of a vulnerability in the MSHTML platform, the MSHTML Platform Spoofing Vulnerability known as CVE-2024-38112.

And part of its info-stealing capability is to look for the following on the victims' machines:



Quote
One of the notable functions of Atlantida stealer is its ability to steal data from Chrome-based browser extensions. For each Chrome-based extension, an “Extension ID” is given. The malware uses this information to harvest data stored within. Atlantida harvests data from the following cryptocurrency wallet extensions:

https://www.rapid7.com/blog/post/2024/01/17/whispers-of-atlantida-safeguarding-your-digital-treasure/

And with that, it's really very important that, as crypto enthusiasts, we should all be aware of how to protect our mobile phones, laptops and desktops and practice safety hygiene.

We really can't stress that enough, as we are about to hit a bull run and cyber criminals are also ramping up their attacks.
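The delivery chain described in the thread (a browser downloads a .hta lure, mshta.exe runs it) is something a defender can watch for in process-creation telemetry. The script below is an added example and is not code from the Rapid7 post or from the thread; the event records, host names, user names and file paths are constructed and simplified, not a real Sysmon or EDR schema. It scores mshta.exe launches by parent process and by whether the .hta lives in a user-writable download or temp location.

```python
"""Detection sketch for the .hta lure chain discussed in the thread.
Added example; the event format below is constructed and simplified,
not a real Sysmon/EDR schema."""
import json
import re
from pathlib import PureWindowsPath
from typing import Optional, Tuple

# Parent processes that should rarely spawn mshta.exe directly.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}
# Directory names typical of user-writable download/staging locations.
DOWNLOAD_DIRS = ("downloads", "temp", "inetcache")

# Constructed sample process-creation events (hypothetical hosts and paths).
SAMPLE_EVENTS = [
    {"host": "ws01",
     "parent": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'"C:\Windows\System32\mshta.exe" "C:\Users\alice\Downloads\invoice.hta"'},
    {"host": "ws01",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r'"C:\Windows\System32\notepad.exe" C:\Users\alice\notes.txt'},
    {"host": "ws02",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'"C:\Windows\System32\mshta.exe" C:\Users\bob\AppData\Local\Temp\update.hta'},
    {"host": "ws03",
     "parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'"C:\Windows\System32\mshta.exe" C:\Program Files\Vendor\setup.hta'},
]

# Pull the first .hta argument (quoted or not) out of a command line.
HTA_ARG = re.compile(r'"?([^"\s]+\.hta)"?', re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return PureWindowsPath(path).name.lower()


def classify(event: dict) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) when the event looks like an .hta lure
    execution via mshta.exe, otherwise None."""
    if basename(event["image"]) != "mshta.exe":
        return None
    m = HTA_ARG.search(event["cmdline"])
    hta = m.group(1) if m else None
    parent = basename(event["parent"])
    parts = [p.lower() for p in PureWindowsPath(hta).parts] if hta else []
    from_user_dir = any(d in parts for d in DOWNLOAD_DIRS)

    # A browser handing a freshly downloaded .hta to mshta.exe is the
    # strongest signal for the chain described above.
    if parent in BROWSERS:
        return ("high", f"mshta.exe spawned by browser {parent} running {hta}")
    # Execution from Downloads/Temp is suspicious even with a benign parent.
    if from_user_dir:
        return ("medium", f"mshta.exe running .hta from user-writable location: {hta}")
    # Any remaining mshta.exe use is worth baselining; many environments
    # can block it outright via application control.
    return ("low", f"mshta.exe execution with argument {hta}")


def scan(events):
    """Run classify() over a list of events and collect findings in order."""
    findings = []
    for ev in events:
        result = classify(ev)
        if result:
            severity, reason = result
            findings.append({"host": ev["host"], "severity": severity, "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(json.dumps(finding))
```

Run as-is it prints three findings (high, medium, low) and ignores the notepad.exe event. To use it against real telemetry, map your source's parent-image, image and command-line fields onto the three keys the sample events use; the scoring logic itself does not depend on the constructed format.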