Lobshot

Malware Profile Updated 24 days ago
Lobshot is a stealthy remote-access malware, reported as a hidden VNC (hVNC) backdoor, that has been used by cybercriminals, notably Russian threat actors, in various malicious campaigns. It has been observed alongside other well-known malware families such as DarkGate, Ducktail, and RedLine Stealer in deceptive campaigns in which it was embedded in fake Windows 11 upgrade installers. The malware is known to be distributed through malvertising, with threat groups abusing paid search ads (Google Ads) to pass off backdoors such as Lobshot as legitimate software downloads.

Overlaps in tooling and tradecraft across the campaigns involving Lobshot suggest that a single actor or group may be behind several of these operations. For instance, Lobshot, together with DarkGate, Ducktail, and RedLine Stealer, was deployed by a Vietnam-based cybercrime group against English-language Facebook business accounts in a campaign aimed at digital marketing firms in the U.S., UK, and India. This group combined these families with Malware-as-a-Service (MaaS) toolkits to infect victims with Remote Access Trojans (RATs) and additional info-stealing malware. Note that the actor-level associations on this page come from different reports: the early Google Ads distribution of Lobshot was attributed to Russian cybercriminals (see the TA505 association below), while the later DarkGate and Ducktail reporting points to a Vietnam-based group. The single-actor observation applies to the latter cluster of campaigns, not to every Lobshot distribution.

Beyond its use in broad campaigns, Lobshot's stealth and remote-access capabilities make it a significant threat to individual users and businesses alike. Its association with Ducktail, which is used to hijack Facebook business accounts, and RedLine, which collects credentials and system information from infected devices, underscores the multifaceted nature of these coordinated cybercrime efforts. Heightened vigilance and robust security controls, in particular scrutiny of software downloaded via search ads and monitoring for unexpected remote-desktop sessions, are therefore necessary to mitigate the risks associated with Lobshot and similar malware.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
No overlapping profiles to display
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware, Windows, Trojan, Malvertising, Infostealer, Cybercrime
Associated Malware
ID | Type | Votes | Profile Description
DarkGate | Unspecified | 3 | DarkGate is a form of malware that has been causing significant issues in recent times. This malicious software, designed to exploit and damage computer systems, infiltrates devices through suspicious downloads, emails, or websites without the user's knowledge. Once inside, it can steal personal inf…
RedLine Stealer | Unspecified | 3 | RedLine Stealer is a type of malware that infiltrates systems to exfiltrate sensitive data. This malicious software, often delivered through suspicious downloads, emails, or websites, can disrupt operations, steal personal information, or even hold data for ransom. A packet capture (pcap) analysis f…
RedLine | Unspecified | 2 | RedLine is a notorious malware, discovered in March 2020, that has been used extensively by threat actors to export personal information such as credentials, cryptocurrency wallets, and financial data to its command-and-control infrastructure. The malware infiltrates systems via suspicious downloads…
Ducktail | Unspecified | 2 | "Ducktail" is a malicious software (malware) first observed in 2022, specifically designed to target Facebook business accounts. The malware was discovered by Zscaler, a leading cybersecurity firm, and it's suspected to originate from threat actors based in Vietnam. Ducktail not only infiltrates sys…
Associated Threat Actors
ID | Type | Votes | Profile Description
TA505 | Unspecified | 3 | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec…
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Lobshot malware was read from the documents in the corpus below. This display is limited to 20 results.
Source | Created | Title
CERT-EU | a year ago | New Malware Granting Threat Actors Hidden VNC Access
DARKReading | a year ago | Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor
Securityaffairs | a year ago | New Lobshot hVNC malware spreads via Google ads
CERT-EU | a year ago | New LOBSHOT Malware Deployed Via Google Ads
CERT-EU | a year ago | LOBSHOT: a Covert, Info-Stealing Malware on the Loose
CERT-EU | a year ago | Russian cybercriminals spread new Lobshot banking trojan via Google ads
CERT-EU | a year ago | New Lobshot hVNC malware spreads via Google ads | IT Security News
CERT-EU | a year ago | Fleckpe malware infects 620,000 Android handsets via Google Play
CERT-EU | 7 months ago | Vietnamese hackers attack UK, US and India with DarkGate malware
CERT-EU | 9 months ago | Stealthy 'LabRat' Campaign Abuses TryCloudflare to Hide Infrastructure
CERT-EU | 10 months ago | New hVNC macOS Malware Advertised on Hacker Forum
CERT-EU | 7 months ago | DarkGate attacks linked to Vietnam-based cyber criminals – Global Security Mag Online
BankInfoSecurity | 7 months ago | Vietnamese Hackers Hit Digital Marketers With Info Stealers
CERT-EU | 7 months ago | Hackers target US Facebook biz accounts with potent malware cocktail
BankInfoSecurity | 7 months ago | Vietnamese Hackers Hit Digital Marketers With Infostealers
CERT-EU | 7 months ago | Vietnamese Hackers Hit Digital Marketers With Info Stealers
DARKReading | 7 months ago | Ducktail Infostealer, DarkGate RAT Linked to Same Threat Actors
InfoSecurity-magazine | 7 months ago | DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals
CERT-EU | 7 months ago | Researchers uncover DarkGate malware's Vietnamese connection - Help Net Security