Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Phishing Delivers MrAnon Stealer

December 8, 2023
Reading Time: 2 mins read
in Alerts
Phishing Delivers MrAnon Stealer

FortiGuard Labs recently uncovered a sophisticated email phishing campaign that exploits fake hotel booking information to trick victims into downloading a malicious PDF. In this campaign, the attackers send phishing emails, posing as a company inquiring about room availability in December.

The emails contain fraudulent hotel booking details for the holiday season, accompanied by a malicious PDF file that has a hidden downloader link. The PDF file, when opened, downloads a .NET executable file created with PowerGUI.

This executable file runs a PowerShell script, which then fetches the final payload – a malware known as MrAnon Stealer. MrAnon Stealer is a Python-based information stealer that is compressed with cx-Freeze to avoid detection. It is designed to steal various types of sensitive information from victims, including credentials, system information, browser sessions, and cryptocurrency extensions.

The attackers use deceptive tactics throughout the infection chain. The initial phishing email appears as a legitimate inquiry about hotel room availability, and the malicious PDF file is disguised as a hotel booking document. The .NET executable and PowerShell script further disguise the malicious activities, making it challenging for users and security systems to detect the threat.

The telemetry data suggests that Germany was the primary target of this phishing campaign, as the downloader URL was mostly queried in that region. The attackers demonstrated increased activity and aggressiveness in November 2023, as reflected in the rise in queries for the malicious URL during that month. This discovery highlights the evolving tactics of cybercriminals who leverage social engineering and sophisticated malware to target individuals and organizations.

It underscores the importance of user awareness, email security measures, and robust endpoint protection to defend against such phishing campaigns and prevent the compromise of sensitive data. Organizations should remain vigilant, regularly update their security protocols, and educate users to recognize and report suspicious emails to mitigate the risks associated with these types of cyber threats.

Referral link

  • Mnanon Stealer
Tags: Amazon Web ServicesCyber AlertCyber Alerts 2023Cyber RiskDecember 2023HackerPhhisng
ADVERTISEMENT

Related Posts

Fake PyPI Login Site Steals Credentials

Fake PyPI Login Site Steals Credentials

September 26, 2025
Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

September 26, 2025
Fake PyPI Login Site Steals Credentials

Hidden WordPress Backdoors Create Admins

September 26, 2025
BadIIS Malware Spreads Via SEO Poisoning

Hackers Target AWS and Steal Credentials

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

SonicWall SMA100 Update Removes Rootkit

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

BadIIS Malware Spreads Via SEO Poisoning

September 24, 2025

Latest Alerts

Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

Hidden WordPress Backdoors Create Admins

Hackers Target AWS and Steal Credentials

SonicWall SMA100 Update Removes Rootkit

BadIIS Malware Spreads Via SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Indian Bank Transfer Records Exposed

    Chinese Cyberspies Hit US Defense Firms

    Neon App Shuts Down After Data Leak

    Boyd Gaming Reports Data Breach After Attack

    Morrisroe UK Company Hit By Cyber Attack

    GeoServer Flaw Breaches US Agency Network

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial