Blog | G5 Cyber Security

Password-stealing Malware Predator the Thief Via Word Documents

Fortinet observed a recent campaign of Predator the Thief with version 3.3.4 with enhanced capabilities. The malware was first observed by Fortinet in July of 2018, the threat actors behind the malware family upgrading it in short intervals to make it more stealthy. It is fully written in C/C++ and the malware is sold in underground forums for between $35 and $80. The campaign uses multiple fake invoice documents that deliver Predator the thief malware as the final payload. Once the user opens the word document, AutoOpen macro runs the malware VBA script, which downloads three files using Powershell. The malware sends the stolen information as a zip file.”]

Source: https://gbhackers.com/predator-the-thief-malware/

Exit mobile version