Hacker uses new ‘Screenshotter’ malware tool to target organisations
A new hacker known as TA886 is targeting organisations in the US and Germany with the new custom malware tool “Screenshotter” to carry out surveillance and data theft on infected systems.
According to BleepingComputer, the previously unknown cluster of activity was first discovered by the US-based security firm Proofpoint in October 2022.
The hacker appears to be financially motivated, conducting a preliminary evaluation of breached systems to decide whether the target is valuable enough for further intrusion.
Moreover, the report said that the hacker targets victims using phishing emails that include Microsoft Publisher (.pub) attachments with malicious macros, URLs linking to .pub files with macros, or PDFs containing URLs that download dangerous JavaScript files.
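The following Python example is added here for defenders and is not taken from the report or from Proofpoint: it flags the three lure types described above in a raw email message. The sample message, its domains and its file names are constructed, and the PDF check assumes the URL is stored uncompressed in the file.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlparse

URL_RE = re.compile(rb"https?://[^\s<>\"')\]]+", re.I)

def _urls_with_ext(blob, ext):
    """Return URLs found in raw bytes whose path ends with the given extension."""
    hits = []
    for raw in URL_RE.findall(blob):
        url = raw.decode("ascii", "replace").rstrip(".,;")
        if urlparse(url).path.lower().endswith(ext):
            hits.append(url)
    return hits

def triage(raw_message):
    """Flag .pub attachments, body links to .pub files, and PDFs linking to .js."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        if name.endswith(".pub"):
            findings.append(("pub_attachment", name))
        elif name.endswith(".pdf") or payload.startswith(b"%PDF-"):
            # Assumption: only URLs stored uncompressed in the PDF are visible here.
            findings += [("pdf_links_to_js", u) for u in _urls_with_ext(payload, ".js")]
        elif part.get_content_maintype() == "text":
            findings += [("body_links_to_pub", u) for u in _urls_with_ext(payload, ".pub")]
    return findings

def build_sample():
    """Constructed message carrying all three lure types (placeholder domains)."""
    m = EmailMessage()
    m["Subject"] = "Invoice"
    m.set_content("Please review: https://files.example.test/docs/offer.pub")
    m.add_attachment(b"\xd0\xcf\x11\xe0 constructed", maintype="application",
                     subtype="octet-stream", filename="Quote.PUB")
    m.add_attachment(b"%PDF-1.4\n/URI (https://cdn.example.test/get/update.js)\n",
                     maintype="application", subtype="pdf", filename="doc.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    for kind, detail in triage(build_sample()):
        print(kind, detail)
```

A hit means the message matches one of the delivery patterns and should be quarantined for analysis; it does not confirm that a macro or script is malicious.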
In December 2022, the security firm reported that the number of emails sent by TA886 grew exponentially, and continued to grow in January 2023. The emails were written in either English or German, depending on the target.
If the recipients of these emails click on the URLs, a multi-step attack chain is started, which results in the download and execution of the new malware tool “Screenshotter” used by TA886.
This tool captures JPG screenshots from the victim’s machine and sends them to the threat actor’s server for review.
The attackers then manually examine these screenshots to determine the value of the victim, the report mentioned.
Proofpoint says TA886 is actively involved in the attacks, analysing stolen data and sending commands to its malware at times that correspond to a typical workday in several time zones.
(With inputs from IANS)