Summary
Key Points:
- A Lithuanian national has been arrested for distributing clipboard-hijacking malware disguised as the KMSAuto activator; the malware is reported to have reached about 2.8 million systems and diverted approximately $1.2 million in virtual assets (cryptocurrency).
- A coordinated exploitation campaign against Adobe ColdFusion servers has been observed, exploiting multiple ColdFusion CVEs to execute code and harvest credentials on servers in several countries.
- Organizations should add detection for clipboard-tampering malware and tightly control software installation, especially unofficial license-activation tools such as KMSAuto, which are a common malware lure.
Technical Details: The clipboard malware was distributed under the guise of KMSAuto, while the ColdFusion campaign exploited CVE-2023-26359 and the other ColdFusion CVEs listed below to gain unauthorized access and run commands on the servers; the ATT&CK techniques listed below indicate web-based command and control and LSASS memory dumping for credential harvesting.
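The following is an added illustration, not code from the page or from the incident it reports. It assumes the common "clipper" variant of clipboard malware, which watches the clipboard for cryptocurrency wallet addresses and silently replaces them with the attacker's address of the same kind, so that a victim who copies and pastes a payment address sends funds to the attacker. The first function models that substitution; the second is the detection logic a host agent could run: compare every clipboard change against the last user-initiated copy and alert when an address of the same kind has been rewritten. The event stream, wallet addresses and regexes are constructed for the demo (Bitcoin and Ethereum only, no checksum validation); wiring the `poll` events to a real clipboard-change notification (for example `AddClipboardFormatListener` on Windows) is left to the deployment.

```python
import re

# Regexes for the two address families this demo recognises.
# Assumption: Bitcoin (legacy/P2SH Base58 and bech32) and Ethereum only;
# a production monitor would cover more chains and validate checksums.
ADDRESS_PATTERNS = {
    "btc": re.compile(r"\b(?:bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"),
    "eth": re.compile(r"\b0x[a-fA-F0-9]{40}\b"),
}


def classify(text):
    """Return (kind, address) for the first wallet address found in text, else None."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        match = pattern.search(text)
        if match:
            return kind, match.group(0)
    return None


def clipper_substitute(clipboard_text, attacker_addresses):
    """Model of what a clipper does: rewrite every recognised address to the
    attacker's address of the same kind and leave the surrounding text intact,
    so the victim notices nothing until the funds are gone."""
    result = clipboard_text
    for kind, pattern in ADDRESS_PATTERNS.items():
        if kind in attacker_addresses:
            result = pattern.sub(attacker_addresses[kind], result)
    return result


def audit_clipboard_events(events):
    """Detection logic. `events` is a time-ordered list of (ts, actor, text):
      actor == "user": the user performed a copy; text is what they copied.
      actor == "poll": the monitor read the clipboard (e.g. on a clipboard
                       change notification) and found text.
    Alert when a poll shows an address of the same kind as the last
    user-copied address but with a different value: the clipboard was
    rewritten by something other than the user."""
    alerts = []
    expected = None  # (kind, address) from the last user-initiated copy
    for ts, actor, text in events:
        if actor == "user":
            expected = classify(text)  # None resets tracking when no address was copied
        elif actor == "poll" and expected is not None:
            observed = classify(text)
            if observed and observed[0] == expected[0] and observed[1] != expected[1]:
                alerts.append({
                    "ts": ts,
                    "kind": observed[0],
                    "expected": expected[1],
                    "observed": observed[1],
                })
    return alerts


# Constructed sample data (hypothetical addresses, not from the incident on this page).
USER_BTC = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"
USER_ETH = "0x" + "ab12" * 10
ATTACKER = {"btc": "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy", "eth": "0x" + "deadbeef" * 5}

SAMPLE_EVENTS = [
    (0.00, "user", f"please pay {USER_BTC} today"),
    (0.05, "poll", f"please pay {USER_BTC} today"),                                # benign: unchanged
    (0.10, "poll", clipper_substitute(f"please pay {USER_BTC} today", ATTACKER)),  # clipper rewrote it
    (5.00, "user", f"eth refund to {USER_ETH}"),                                   # user copies something new
    (5.05, "poll", f"eth refund to {USER_ETH}"),                                   # benign
    (9.00, "user", "meeting at 3pm"),                                              # no address: tracking resets
    (9.05, "poll", "meeting at 3pm"),
]


def run_demo():
    """Return the alerts raised over the constructed event stream."""
    return audit_clipboard_events(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in run_demo():
        print(f"[{alert['ts']:.2f}s] {alert['kind']} address rewritten: "
              f"expected {alert['expected']}, clipboard now holds {alert['observed']}")
```

Running the block raises exactly one alert, for the poll at 0.10 s where the Bitcoin address was swapped; the unchanged polls and the later user copies raise nothing. The key design point is that the detector keys on user-initiated copies rather than on clipboard content alone: a clipboard that changes without a corresponding user copy, to an address of the same kind, is the signature of a clipper regardless of which addresses it targets.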
MITRE ATT&CK Techniques:
- T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
- T1203 - Exploitation for Client Execution (Execution). Note: T1203 covers client-side software such as browsers and office applications; exploitation of internet-facing ColdFusion servers maps more precisely to T1190 - Exploitation of Public-Facing Application (Initial Access).
- T1003.001 - OS Credential Dumping: LSASS Memory (Credential Access)
Vulnerabilities Mentioned (CVE identifiers, not host or network IOCs):
- CVE-2023-26359
- CVE-2023-38205
- CVE-2023-44353
- CVE-2023-38203
- CVE-2023-38204
- CVE-2023-29298
- CVE-2023-29300
- CVE-2023-26347
- CVE-2024-20767
- CVE-2023-44352