
Pirated Business Software Activator Spreads RedLine Stealer

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

A malicious campaign targeting users of unlicensed corporate business automation software has been discovered. The attackers distribute malicious activators on accounting forums; the activators contain the RedLine stealer, hidden in an unusual way. The activator library is obfuscated using .NET Reactor, with the malicious code compressed and encrypted in multiple layers. The campaign began in January 2024 and continues to threaten users of unlicensed software. The attackers target entrepreneurs using current versions of a business process automation platform, spreading their tool disguised as a new version of the HPDxLIB activator. The malicious version differs from the 'clean' one primarily in that it uses .NET and has a new self-signed certificate.

OPENCTI LABELS :

redline stealer

