Latrodectus and ACR Stealer Observed Spreading via Google Authenticator Phishing Site
Latrodectus and ACR Stealer Observed Spreading via Google Authenticator Phishing Site
12 August 2024
The phishing site tricks users into downloading a malicious file disguised as Google Authenticator, which then drops the two malware components. The ACR Stealer exfiltrates data to a C&C server, while Latrodectus maintains persistence on the machine.