
Part 2: Compromised WordPress Pages and Malware Campaigns

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

This analysis covers malware campaigns hosted on Proton66 infrastructure, in particular campaigns that target Android users through compromised WordPress websites. Redirector scripts injected into those sites selected visitors by country and sent them to lure pages imitating the Google Play Store. Separately, an XWorm campaign targeted Korean-speaking users through fake investment chat rooms, Strela Stealer targeted email clients in German-speaking countries, and the WeaXor ransomware, a revised version of Mallox, was also observed on the same infrastructure. The report details each infection chain, provides IOCs, and recommends blocking the CIDR ranges associated with Proton66 and Chang Way Technologies to reduce exposure.
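The mitigation above is a CIDR blocklist. The following added example (written for this page, not code from the report or from NetmanageIT) shows how a practitioner would operationalise such a list: match the source address of web-server log lines against the blocked networks, and emit nftables rules for both directions (inbound from the ranges and outbound to them, since the ranges host payload servers that victims fetch from). The CIDRs are RFC 5737 documentation ranges used as placeholders for the real Proton66 / Chang Way Technologies ranges in the report, and the log lines are constructed for the example.

```python
import ipaddress
import re
from typing import Iterable

# Placeholder networks from the RFC 5737 documentation ranges. They stand in
# for the ranges listed in the report's IOC section and are NOT the real ones.
BLOCKED_CIDRS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# Constructed Apache/nginx combined-format log lines for the example.
SAMPLE_LOG = [
    '192.0.2.17 - - [10/Feb/2025:10:01:12 +0000] "GET /wp-content/plugins/x.php HTTP/1.1" 200 512',
    '8.8.8.8 - - [10/Feb/2025:10:01:15 +0000] "GET /index.php HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/Feb/2025:10:02:01 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    'garbage line that does not parse',
]

# Common Log Format prefix: client address, ident, user, timestamp, request, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')


def is_blocked(ip: str, cidrs=BLOCKED_CIDRS) -> bool:
    """True if ip falls inside any blocked network; malformed input is not blocked."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in cidrs)


def find_hits(log_lines: Iterable[str], cidrs=BLOCKED_CIDRS) -> list[dict]:
    """Return parsed requests whose client address is in a blocked range."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined/common log format
        src, method, path, status = m.groups()
        if is_blocked(src, cidrs):
            hits.append({"src": src, "method": method, "path": path, "status": int(status)})
    return hits


def nft_rules(cidrs=BLOCKED_CIDRS, table="inet filter") -> list[str]:
    """Emit nft commands dropping traffic from (input) and to (output) each range."""
    rules = []
    for net in cidrs:
        family = "ip" if net.version == 4 else "ip6"
        rules.append(f"nft add rule {table} input {family} saddr {net} drop")
        rules.append(f"nft add rule {table} output {family} daddr {net} drop")
    return rules


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(f"blocked range hit: {hit}")
    print("\n".join(nft_rules()))
```

Loading the real ranges is a matter of replacing `BLOCKED_CIDRS` with the list from the report's IOC section; `ipaddress.ip_network` will reject malformed entries at load time rather than silently letting traffic through.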

OPENCTI LABELS:

phishing, ransomware, xworm, android, credential theft, remcos, wordpress, strela stealer, proton66, weaxor



