Suspected CoralRaider continues to expand victimology using three information stealers
released on 2024-04-23 @ 04:59:38 PM
The report analyzes a malware campaign ongoing since February 2024, operated by a suspected threat actor that distributes three popular information stealers: Cryptbot, LummaC2, and Rhadamanthys. Victims span multiple countries, including the U.S., Nigeria, Pakistan, Ecuador, Germany, Egypt, the U.K., Poland, the Philippines, Norway, Japan, Syria, and Turkey. The threat actor hosts malicious files on Content Delivery Network (CDN) caches and relies on Windows Shortcut files, PowerShell scripts, and the FoDHelper technique to bypass User Account Control (UAC). The report also details the infection chain, payloads, and tactics used by the threat actor.
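As an added detection example (not code from the Talos report), the Python below scans Sysmon-style registry and process events for the per-user ms-settings handler write that the publicly documented fodhelper.exe UAC bypass depends on, and raises severity when fodhelper.exe starts afterwards. The event record layout and the sample records are constructed assumptions, not data from the report.

```python
"""Flag Sysmon-style events consistent with the fodhelper.exe UAC bypass.

Detection logic: fodhelper.exe (an auto-elevating Windows binary) consults the
per-user key HKCU\\Software\\Classes\\ms-settings\\Shell\\Open\\command, so a
registry-set event on that key from a non-installer process, followed by a
fodhelper.exe process start, is a strong signal. Records below are constructed
for illustration and are not indicators from the report.
"""
import re

MS_SETTINGS_CMD_KEY = re.compile(
    r"\\software\\classes\\ms-settings\\shell\\open\\command", re.IGNORECASE)

# Constructed records in a simplified Sysmon shape:
# id 13 = registry value set (target = TargetObject), id 1 = process create.
SAMPLE_EVENTS = [
    {"id": 13, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "target": r"HKU\S-1-5-21-1111\Software\Classes\ms-settings\Shell\Open\command\DelegateExecute"},
    {"id": 13, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "target": r"HKU\S-1-5-21-1111\Software\Classes\ms-settings\Shell\Open\command\(Default)"},
    {"id": 1, "image": r"C:\Windows\System32\fodhelper.exe", "target": ""},
    # Benign registry write to an unrelated file-association key: must not alert.
    {"id": 13, "image": r"C:\Program Files\Vendor\app.exe",
     "target": r"HKU\S-1-5-21-1111\Software\Classes\.txt\(Default)"},
]


def detect_fodhelper_bypass(events):
    """Return (severity, image, detail) tuples.

    Every write under the ms-settings command key is a 'medium' alert; a
    fodhelper.exe start that follows such a write is escalated to 'high'.
    """
    alerts = []
    key_written = False
    for ev in events:
        if ev["id"] == 13 and MS_SETTINGS_CMD_KEY.search(ev["target"]):
            key_written = True
            alerts.append(("medium", ev["image"], ev["target"]))
        elif (ev["id"] == 1 and key_written
              and ev["image"].lower().endswith(r"\fodhelper.exe")):
            alerts.append(("high", ev["image"],
                           "fodhelper.exe started after ms-settings command key write"))
    return alerts


if __name__ == "__main__":
    for severity, image, detail in detect_fodhelper_bypass(SAMPLE_EVENTS):
        print(f"[{severity}] {image}: {detail}")
```

A real deployment would key the correlation on the writing process's session or user SID and clear the flag after a short window, rather than the single global flag used here for brevity.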