
More sophisticated, stealthy RedLine Stealer variant emerges


The information-stealing trojan RedLine Stealer has gained a more advanced variant that executes its payload as Lua bytecode and poses as game cheats to stay stealthier, The Hacker News reports.

The attacks abused GitHub to deliver a ZIP archive posing as a game cheat and containing an MSI installer that runs malicious Lua bytecode; relying on compiled Lua rather than PowerShell, JScript, and other familiar scripting languages lets the payload conceal its malicious strings and sidestep the detections built around those scripts, a report from McAfee Labs revealed. Further examination of the attack chain showed that the installer's "compiler.exe" executable establishes persistence and is then run under a new name, after which it begins command-and-control communications, screenshot capturing, and data exfiltration, researchers said.
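The point of shipping the payload as compiled Lua is that it carries none of the PowerShell or JScript text that most archive scanners key on. The check that survives that trick is to identify archive members by their byte signature rather than by name or extension. The script below is an added example written for this page, not code from McAfee Labs or from the reported sample; the file names, sizes and contents of the sample ZIP it builds are constructed, and only the format signatures (Lua bytecode's ESC "Lua" header plus version byte, the OLE compound-file header that MSI packages use, and the "MZ" PE header) are real.

```python
"""Triage a ZIP archive for precompiled Lua bytecode and bundled installers,
identifying each member by content rather than by extension.

Added example for this article; not code from the McAfee Labs report or from
the campaign it describes. The sample archive built in build_sample_zip() is
constructed here for demonstration only."""
import io
import zipfile
from typing import Dict, List, Optional

# Precompiled Lua chunks begin with ESC "Lua" and a version byte
# (0x51 = 5.1, 0x52 = 5.2, 0x53 = 5.3, 0x54 = 5.4). Real format signature.
LUA_MAGIC = b"\x1bLua"
LUA_VERSIONS = {0x51: "5.1", 0x52: "5.2", 0x53: "5.3", 0x54: "5.4"}
# OLE Compound File Binary header used by MSI packages. Real signature.
CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# DOS/PE executable header. Real signature.
PE_MAGIC = b"MZ"

# Extensions under which each content type would be unremarkable.
EXPECTED_EXT = {
    "lua-bytecode": {"luac", "lua", "out"},
    "ole-compound-file": {"msi", "msp", "doc", "xls", "ppt"},
    "pe-executable": {"exe", "dll", "sys", "scr"},
}


def classify(head: bytes) -> Optional[str]:
    """Return a content type for the first bytes of a file, or None."""
    if head.startswith(LUA_MAGIC) and len(head) > 4:
        ver = LUA_VERSIONS.get(head[4], "unknown(0x%02x)" % head[4])
        return "lua-bytecode " + ver
    if head.startswith(CFB_MAGIC):
        return "ole-compound-file"
    if head.startswith(PE_MAGIC):
        return "pe-executable"
    return None


def triage_zip(zip_bytes: bytes) -> List[Dict[str, object]]:
    """One finding per member whose content is executable or installer-like.

    extension_mismatch is set when the member's name hides its real type,
    e.g. Lua bytecode stored as a .txt or .dat file."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(16)  # enough for every signature above
            kind = classify(head)
            if kind is None:
                continue
            family = kind.split(" ", 1)[0]
            name = info.filename
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            findings.append({
                "name": name,
                "kind": kind,
                "size": info.file_size,
                "extension_mismatch": ext not in EXPECTED_EXT[family],
            })
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive: a Lua 5.4 bytecode header hidden in a .txt,
    an MSI-style header, a PE header, and a benign text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("cheat_menu.txt", LUA_MAGIC + b"\x54" + b"\x19\x93\r\n\x1a\n" + b"\x00" * 64)
        zf.writestr("setup.msi", CFB_MAGIC + b"\x00" * 120)
        zf.writestr("tool.exe", PE_MAGIC + b"\x90\x00" + b"\x00" * 62)
        zf.writestr("readme.txt", b"Run setup.msi and enjoy the cheat.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_zip(build_sample_zip()):
        flag = "  <-- extension hides content" if f["extension_mismatch"] else ""
        print("%-16s %-22s %6d bytes%s" % (f["name"], f["kind"], f["size"], flag))
```

Reading only the first 16 bytes of each member keeps the scan cheap on large archives, and reporting the Lua version byte separately is useful because a bytecode chunk compiled for a Lua version that no legitimate component in the archive bundles is itself a signal. Extend EXPECTED_EXT to match what your own software inventory ships rather than the generic set shown here.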

The findings follow a report from Recorded Future's Insikt Group describing a widespread Russian cybercrime operation that uses fraudulent Web3 gaming lures to distribute several information stealers, including RisePro, Atomic macOS Stealer, Rhadamanthys, and Stealc.
