Select Page

A sophisticated stealer-as-a-ransomware threat dubbed RedEnergy has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages.

The .NET malware “possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive data, while also incorporating different modules for carrying out ransomware activities,” Zscaler researchers Shatak Jain and Gurkirat Singh said in a recent analysis.

The objective, the researchers noted, is to couple data theft with encryption with the goal of inflicting maximum damage to the victims.

The starting point for the multi-stage attack is a FakeUpdates (aka SocGholish) campaign that tricks users into downloading JavaScript-based malware under the guise of web browser updates.

images from Hacker News