Privacy News Hackers Steal Over 40k Logins for Gov Services in 30 Countries

LASER_oneXM

Victims fell for phishing trick

According to Group-IB, the hackers were able to grab the username/password pairs via malicious emails that distributed well-known spyware tools like Pony Formgrabber, AZORult, and Qbot (Qakbot).
The phishing operation targeted both personal and corporate email accounts and disguised the malware as a legitimate file or archive. When the victim opened the attachment, the malware would deploy and start looking for sensitive information on the system.
Pony targets over 70 software programs, searching for credentials in configuration files, databases, and secret storages. Once it collects the data, it sends it to the attacker's command and control (C2) server.
AZORult pilfers passwords from web browsers and also forages for data related to cryptocurrency. This particular trojan comes with a diverse set of capabilities that includes downloader functionality to deliver other threats, such as the Aurora ransomware.
... ...
 
