HackBrowserData Infostealer Malware Uses in Attacks on Indian Entities

Researchers have exposed a fresh espionage attempt directed at Indian governmental bodies and the nation's energy sector, employing a modified edition of an open-source data pilfering tool named HackBrowserData. This tool is capable of gathering login credentials, cookies, and browsing history.

Unveiled by researchers from Dutch cybersecurity firm EclecticIQ in early March, the campaign's origin remains unidentified. Their findings, disclosed on Wednesday, reveal that hackers siphoned off 8.81 GB of data from targets, potentially facilitating further infiltrations into Indian government systems.

Initial Attact Vector Uses PDF Files

The malicious software was distributed through a phishing PDF file masquerading as an invitation letter from the Indian Air Force. It's presumed that the original PDF was obtained in a prior breach and repurposed by the attackers.

The innocuous-looking document contained a hidden shortcut to the malware. Once activated, the malware promptly commenced stealing documents and cached browser data, transmitting them to Slack channels under the control of the attackers, aptly named "FlightNight."

HackBrowserData Goes After Documents and Databases

The malware was programmed to specifically target certain file types, such as Microsoft Office documents, PDFs, and SQL databases, likely to expedite the theft process.

Victimized entities included Indian agencies overseeing electronic communications, IT governance, and national defense, as well as private energy firms, from which financial documents, employee details, and information on oil and gas drilling activities were extracted.

Though the group responsible for the campaign remains unidentified, the similarities in the malware and delivery method suggest a link to a previous attack in January, which targeted Indian Air Force officials using a credential-stealing malware named GoStealer.

Both campaigns appear to be the handiwork of the same threat actor, as per EclecticIQ. These incidents underscore the effectiveness of leveraging open-source tools for cyber espionage, according to the researchers.

By Zaib
March 29, 2024
Computer Security
English
March 29, 2024
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

5 years ago

What is the OperaGXSetup.exe File and is it Malicious?

11 months ago

Eporner.com And Why Its Excessive Pop-Ups Are Risky

11 days ago

HackTool:Win32/Crack: a Malicious Threat That Can Seriously...

7 months ago

Take Note: Someone Added You As Their Recovery Email Scam

10 months ago

A Potentially Serious Threat: Trojan:Win32/Suschil!rfn

18 days ago

Related Posts

Malware

Logtu Malware Used in Attacks on Eastern European Entities

Security researchers published a report on a series of cyber attacks targeting military industrial entities located in Eastern Europe and Afghanistan. The attacks took place back in January 2022 and are linked to a... Read more

August 9, 2022
Phishing

'FakeCalls' Mobile Malware Uses Vishing Attacks

Check Point Research (CPR) recently uncovered a new form of Android vishing (voice phishing) malware tool that is affecting victims in South Korea. This malware, named “FakeCalls” by the CPR team, is designed to mimic... Read more

March 17, 2023
Trojan

Spyder Loader Malware Tool Used in Attacks on Hong Kong Entities

Spyder Loader is the name of a malicious tool that was first spotted early last year. The same malware is now used in attack campaigns targeting entities located in Hong Kong. Security researchers are tracking an... Read more

October 26, 2022
English
Loading...

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2025 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.