Fortinet’s FortiGuard Labs has published a detailed analysis of a phishing campaign targeting Ukrainian organizations. The attackers used an unusual SVG file as the initial infection vector, which ultimately led to the deployment of Amatera Stealer (information-stealing malware) and PureMiner (a stealth crypto-miner).
The SVG file triggered a password-protected archive containing a CHM file that launched a loader called “CountLoader,” enabling fileless execution, process hollowing, and DLL side-loading.
This combination of stealer and miner, delivered through an SVG-based chain, shows the growing sophistication of phishing campaigns, especially those aimed at critical sectors.
Full report: https://www.fortinet.com/jp/blog/threat-research/svg-phishing-hits-ukraine-with-amatera-stealer-pureminer