CoralRaider Cybercriminals Expand Operations Worldwide

Researchers Uncover New Malware Distribution Tactics

Cybersecurity experts have recently uncovered alarming activities conducted by a threat actor group known as CoralRaider. The group, which originated in Vietnam, has been distributing malicious infostealers to unsuspecting victims across the globe using a content delivery network (CDN) called Bynny. This nefarious technique has allowed them to bypass security measures and target users in various regions including the US, the UK, Germany, Japan, and several others.

According to reports, CoralRaider's primary method of attack involves sending phishing emails with a malicious Windows shortcut (.lnk) file attached. When opened, the shortcut triggers the download of an obfuscated HTML Application (HTA) hosted on the Bynny CDN. This application contains JavaScript code that disables certain security features and installs one of three infostealers: LummaC2, Rhadamanthys, or Cryptobot.

The infostealers used in these attacks are relatively new, with some features added just last year. For example, Cryptobot has seen an alarming infection rate of over half a million devices annually despite being less well-known than its counterparts. These infostealers are designed to extract sensitive information such as login credentials, multi-factor authentication codes, cryptocurrency wallet details, and banking information.

This recent discovery highlights the ever-evolving landscape of cybersecurity threats and the importance of staying vigilant. Users are encouraged to be cautious of suspicious emails and ensure that their security systems are up to date to avoid falling victim to such cyber attacks.

Protect Against Infostealers with Advanced Security Solutions

For individuals and businesses looking to bolster their defenses against infostealers and other cyber threats, exploring the best firewalls and endpoint security tools on the market is highly recommended. In this age of digital vulnerability, taking proactive steps to secure your online presence is more crucial than ever.