越南駭客組織鎖定亞洲、東南亞用戶,利用惡意程式RotBot、XClient竊取資料
· 2024-04-12

研究人員針對越南駭客組織CoralRaider的攻擊行動提出警告,並指出對方的主要目的,很有可能是挾持社群網站的企業帳號及廣告帳號

此惡意程式啟動後,將會再度執行偵察,並下載組態檔案連接C2。值得一提的是,對方使用Telegram機器人做為C2通訊的管道。

上述連線成功後,RotBot將會把惡意酬載XClient載入記憶體,並執行外掛程式,然後竊取受害者的瀏覽器資料,並搜括社群網站臉書、Instagram抖音YouTube帳號,以及從Telegram、Discord電腦版應用程式收集資料。

值得留意的是,XClient還會特別確認受害者持有的臉書帳號屬性,是否為企業帳號或是廣告帳號,並進一步收集財務資訊、好友名單的詳細資料。

研究人員特別提到,對方使用了名為Dead Drop的攻擊手法,濫用合法服務代管C2組態資訊,而在進行寄生攻擊(LOLBins)的過程,這些駭客也運用了Forfiles.exe、FoDHelper.exe等不常見的可執行檔,來從事攻擊行動。

Popular articles
Vietnam’s Controlled Gaming Shift Gains Ground, But Domestic Demand Still Lags
Southeast Asia
B2B Tech Infrastructure Gains Momentum in Philippine Gaming Sector
Southeast Asia
UK MPs reopen 2025 gambling inquiry as reform stalls
Regulation
Zenith partners with HUIDU for 2026 World Cup Carnival Official Tour
Online Game
Manila delivers: Highlights from SiGMA Asia 2026 
Southeast Asia
JILI Partners with Cricket Legend AB de Villiers (ABD) to Launch Exclusive Branded Game Series 100% 11
Sports Game
Online gambling, crypto pose ongoing money laundering risks in Philippines, analyst says
Southeast Asia
GAT Expo Puerto Rico Will Pulse with the New Era of Gaming in the Caribbean
Marketing
GAT CDMX 2025 Institutional Academy: Leaders and Experts Analyze the Present and Future of the Gaming Industry in Mexico and Lat
Sports Game
Kazakhstan plans to penalise online casino promotions
Regulation
Brazil Proposes Raising Gambling Tax Rate to 24%, With Revenue Allocated to Social Security and Healthcare
Regulation
That’s a Wrap: AffPapa Conference Madrid 2026 Highlights
Online Game
SBC Summit Canada to Make Player Safety a Key Pillar of 2026 Agenda
Marketing
Indiana online casino bill stalls in House committee
Regulation
New Jersey July Gambling Revenue Hits $606M, Sweeps Casinos Banned
Regulation
Home
Game
Cooperation
Find
My