
Proton66: Compromised WordPress Pages and Malware Campaigns

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

This intelligence briefing focuses on malware campaigns linked to Proton66, particularly those targeting Android devices through compromised WordPress websites. It details how these sites were injected with malicious scripts to redirect Android users to fake Google Play Store pages. The report also covers the XWorm campaign targeting Korean-speaking users, the Strela Stealer targeting German-speaking countries, and the WeaXor ransomware. The analysis provides insights into the infection chains, malware configurations, and command-and-control servers used in these campaigns. Additionally, it offers recommendations for blocking associated IP ranges and lists numerous indicators of compromise (IOCs) for each campaign.

OPENCTI LABELS:

phishing, ransomware, xworm, android, remcos, wordpress, korea, germany, strela stealer, weaxor

