Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!
banner Expire 25 April 2025
adv ex on 5 january 2024
adv ex on 22 February 2024
Banner expire 20 November 2024
Kfc Club

Patrick Stash
casino
banner expire at 13 August 2024
BidenCash Shop
Rescator cvv and dump shop
Yale lodge shop
UniCvv

RedX

TRUSTED VENDOR
Staff member
Joined
Nov 26, 2020
Messages
716

The SSLoad malware has become one of the main tools in the arsenal of cybercriminals.

Cybersecurity researchers have identified an ongoing cyberattack campaign that uses phishing emails to spread malicious software called SSLoad. The campaign is codenamed FROZEN # SHADOW and includes the use of the Cobalt Strike program and ConnectWise ScreenConnect remote access software.

Experts from Securonix noted that SSLoad is designed for secret penetration into systems, collecting confidential information and transmitting data to operators. The malware installs multiple backdoors and payloads in the victim's system at once to maintain fast access and avoid detection.

Phishing attacks randomly target organizations in Asia, Europe, and the Americas. Emails contain links that lead to downloading a JavaScript file, which triggers the infection chain.

Earlier this month, Palo Alto Networks discovered at least two different methods for distributing SSLoad: one involves using contact forms to embed trap URLs, and the other includes Microsoft Word documents with macro support. In addition, phishing through contact forms is actively used to distribute other malware — Latrodectus.

JavaScript file ("out_czlrh.js"), launched via "wscript.exe", connects to a network resource and downloads the MSI installer ("slack. msi"), which, in turn, installs SSLoad via "rundll32.exe" and establishes a connection with the management server.

In the initial phase of intelligence using Cobalt Strike, attackers install ScreenConnect, which allows them to remotely monitor the infected host. They then begin collecting credentials and scanning the system for sensitive information.

Researchers have observed that attackers move to other systems on the network, including the domain controller, and eventually create their own domain administrator account. This gives them access to any computer on the network, posing a serious threat to organizations, since identifying and fixing the consequences of an attack can be time-consuming and expensive.

https://carder.market/login/
 
Top Bottom