A phishing campaign has been observed delivering an information stealer malware called
MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures.
"This malware is a Python-based information stealer compressed with cx-Freeze to evade detection," Fortinet FortiGuard Labs researcher Cara Lin
said. "MrAnon Stealer steals its victims' credentials, system information, browser sessions, and cryptocurrency extensions."
There is evidence to suggest that Germany is the primary target of the attack as of November 2023, owing to the number of times the downloader URL hosting the payload has been queried.
Masquerading as a company looking to book hotel rooms, the phishing email bears a PDF file that, upon opening, activates the infection by prompting the recipient to download an updated version of Adobe Flash.
