NOVA: blast from the past
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A large-scale campaign targeting Russian organizations across various industries has been uncovered. The attackers are using NOVA stealer, a commercial fork of SnakeLogger, distributed via phishing emails disguised as contract archives. NOVA, marketed under the Malware-as-a-Service model, steals credentials, captures keystrokes, takes screenshots, and extracts clipboard data. The malware gains persistence through Windows Task Scheduler and can disable security features. It's distributed on underground forums with subscriptions starting at $50. The campaign highlights the ongoing threat of stealers and the potential for stolen data to be used in future targeted attacks.
OPENCTI LABELS :
phishing,stealer,snakelogger,credential-theft,persistence,maas,nova
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
NOVA: blast from the past