The Russian cybercrime operation Crazy Evil has been distributing the StealC, Atomic macOS Stealer (AMOS), and Angel Drainer payloads across more than 10 ongoing scam campaigns that target cryptocurrency and other digital assets on Windows and macOS systems, according to The Hacker News.
Crazy Evil, which started out as a traffer network redirecting legitimate traffic to phishing sites, is made up of half a dozen sub-teams that distribute the StealC and AMOS stealers disguised as WeChat, Zoom, Selenium Finance, and other platforms, and it has also offered crypter services for various malware, according to a report from Recorded Future's Insikt Group. The findings arrive alongside Insikt Group's analysis of the TAG-124 traffic distribution system used by the Rhysida and Interlock ransomware operations, among others. Separately, Trend Micro researchers reported that malicious GitHub-hosted installers have been used to spread Lumma Stealer, Vidar Stealer, SectopRAT, and Cobalt Strike beacons.