Lobshot

Malware updated 7 months ago (2024-05-04T22:18:20.450Z)
Download STIX
Preview STIX
Lobshot is a stealthy remote access malware that has been used by cybercriminals, notably Russian threat actors, in various malicious campaigns. It was featured alongside other well-known malware samples like DarkGate infostealer, Ducktail, and Redline in deceptive campaigns where it was embedded into fake Windows 11 upgrade installers. The malware is known to be distributed through malvertising techniques, with threat groups leveraging these strategies to disguise legitimate software with backdoors such as Lobshot. The campaigns involving Lobshot have shown a high level of sophistication, suggesting the possible involvement of a single actor or group across multiple operations. For instance, Lobshot, along with DarkGate, Ducktail, and Redline Stealer, was deployed by a Vietnam-based cybercrime group targeting English-language Facebook business accounts in a campaign aimed at digital marketing firms in the U.S., UK, and India. This group used these malware types in conjunction with Malware as a Service (MaaS) toolkits to infect victims with Remote Access Trojans (RATs) and additional info-stealing malware. In addition to its use in broad campaigns, Lobshot's stealth and remote access capabilities make it a significant threat to individual users and businesses alike. Its association with other malware types such as Ducktail, which is used to steal Facebook business accounts, and Redline, which collects information about infected devices, underscores the multifaceted nature of the threats posed by these coordinated cybercrime efforts. As such, heightened vigilance and robust cybersecurity measures are necessary to mitigate the risks associated with Lobshot and similar malware.
Description last updated: 2024-05-04T21:28:02.652Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Windows
Trojan
Malvertising
Infostealer
Cybercrime
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Darkgate Malware is associated with Lobshot. DarkGate is a multifunctional malware that poses significant threats to computer systems and networks. It has been associated with various malicious activities such as information theft, credential stealing, cryptocurrency theft, and ransomware delivery. DarkGate infiltrates systems through suspicioUnspecified
3
The Redline Stealer Malware is associated with Lobshot. The RedLine Stealer is a formidable malware that specializes in stealthily stealing credentials and sensitive information. First documented in 2020, it has since evolved to use the Windows Communication Foundation (WCF) framework and later a REST API for network communication. This malware infects sUnspecified
3
The Redline Malware is associated with Lobshot. RedLine is a type of malware, a malicious software designed to exploit and damage computer systems. It often infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. RedLine has been favored by threat actorUnspecified
2
The Ducktail Malware is associated with Lobshot. "Ducktail" is a malicious software (malware) first observed in 2022, specifically designed to target Facebook business accounts. The malware was discovered by Zscaler, a leading cybersecurity firm, and it's suspected to originate from threat actors based in Vietnam. Ducktail not only infiltrates sysUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The TA505 Threat Actor is associated with Lobshot. TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. CybersecUnspecified
3
Source Document References
Information about the Lobshot Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
a year ago
DARKReading
a year ago
BankInfoSecurity
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
BankInfoSecurity
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
InfoSecurity-magazine
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
2 years ago
Securityaffairs
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
DARKReading
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago