Tens of thousands of devices around the world have already been breached with information-stealing malware by the Marko Polo cybercrime operation through more than 30 cryptocurrency and gaming-related scams aimed at technology professionals, cryptocurrency influencers, and online gamers, according to The Record, a news site by cybersecurity firm Recorded Future.
While most of the scams involved spearphishing attacks that spread the Atomic macOS Stealer via malicious Zoom meeting client builds, Marko Polo also impersonated productivity software, blockchain-based projects, and online games to deliver the Rhadamanthys, StealC, and HijackLoader payloads, an analysis by Recorded Future's Insikt Group researchers revealed. Beyond these extensive infostealer compromises, Marko Polo has also consistently updated its attack infrastructure, tactics, and scam naming schemes to evade detection. "This adaptability not only makes Marko Polo a persistent threat but also signals that it will likely continue evolving its methods to stay ahead of cybersecurity defenses," the researchers said.