Adobe Flash Player Update Used in Phishing Scam: MrAnon Stealer Distribution Channel

New Phishing Campaign Targets German Users with Malicious Software

Security researchers from Fortinet have discovered a new phishing campaign that aims to spread the MrAnon Stealer malware to users in Germany. The campaign has been found to be widespread and poses a significant threat to individuals and businesses.

MrAnon Stealer, a Python-based information stealer, has been identified as the main payload in this phishing campaign. The malware is compressed using cx-Freeze to avoid detection by security systems and is capable of extracting sensitive data, intercepting browser sessions, and stealing data from cryptocurrency-related browser extensions.

According to Cara Lin, a researcher at FortiGuard Labs, the phishing emails used in this campaign masquerade as hotel room booking requests. The email contains an attached PDF file that supposedly contains an updated version of Adobe Flash Player. However, Adobe officially discontinued support for Flash Player several years ago, which makes any such update suspicious.

Upon opening the email attachment and consenting to download the file, victims unknowingly install the MrAnon Stealer malware. The installation process involves the execution of various components, including the .NET execution environment, .NET classes, and programming language compilers. This indicates that the attackers are targeting a broad range of systems and applications.

The researchers have emphasized that Germany has been identified as the primary target of this phishing campaign as of November 2023. Organizations and individuals in Germany should exercise caution and be vigilant against suspicious emails, especially those related to hotel bookings or software updates.

Phishing Campaign Details:
Malware Name: MrAnon Stealer
