VERY IMPORTANT

The report details a campaign by threat actors who create malicious websites hosted on popular web hosting and blogging platforms, leveraging search engine optimization techniques to distribute malware and steal data. The malicious sites employ obfuscation methods and referral URL checks to evade detection, delivering payloads through multi-level zipped files. Once executed, the malware employs techniques like process hollowing, DLL sideloading, and PowerShell commands to download additional malware and establish command-and-control communication. It gathers extensive data, including system information, browser data, credentials, and browsing history, while also monitoring and potentially modifying emails related to cryptocurrency exchanges.