The Crystal Finance Millennium website in Ukraine has been hacked and distributing malware since at least August 18. The website is currently taken offline by the hosting provider, but archives of the website exist online. Smoke Loader, also known as Dofoil, Sharik or just ‘Smoke’, is a botnet with the main purpose of downloading other malware. Chthonic is a banking trojan and derivative of Zeus, well-known banking malware. The same PSCrypt campaign was spotted earlier this month by @malwarehunterteam.”]
Source: https://bartblaze.blogspot.com/2017/08/crystal-finance-millennium-used-to.html