The downloader client script is responsible for the persistence, profiling of victims, and downloading additional AHK scripts from the command-and-control (C&C) servers which are located in the US, the Netherlands, and Sweden. Also, they are targeting financial institutions in the US and Canada. The full attack chain depicted below tracked the malware’s command-and-control (C&C) servers to determined the actual location, as these come from the US, the Netherlands, and Sweden.
How AutoHotkey is used as Password Stealer to Target US and Canadian Banking Users? Albeit, AHK allows the creation of a “compiled”. While threat actors have generally employed scripting language that has no built-in compiler within victims' operating system, and so can’t be executed without its compiler such as Python, AutoIT, and AutoHotkey (AHK) scripting language. AutoHotkey (AHK) is an open-source scripting language used for Microsoft Windows to provide easy macro-creation hotkeys and software automation that allow users to automate repetitive tasks within Windows apps.Īccording to Trend Micro researchers, a recent campaign that distributed a credential stealer was discovered that is written in AHK and tracking the campaign, shows that its activity has been ongoing since early 2020.
0 kommentar(er)
