Exposing the Deception: Russian EFF Impersonators Behind Stealc & Pyramid C2
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A threat group impersonating the Electronic Frontier Foundation (EFF) is targeting Albion Online players through phishing messages and decoy documents. The campaign uses malware such as the Stealc stealer and Pyramid C2 to compromise player accounts. Analysis of an exposed directory revealed PowerShell scripts, PDFs, and malicious payloads. The infrastructure includes multiple servers sharing SSH keys. Code comments suggest Russian-speaking developers. The attackers use EFF's reputation to lend credibility while malware executes in the background. The campaign exploits the game's player-driven economy, where in-game assets have real-world value. Mitigation strategies include handling unsolicited communications cautiously and verifying the authenticity of sources.
OPENCTI LABELS:
phishing, stealc, gaming, russian-speaking, pyramid c2