Lobshot

Malware updated 4 months ago (2024-05-04T22:18:20.450Z)
Lobshot is a stealthy remote access malware that has been used by cybercriminals, notably Russian threat actors, in various malicious campaigns. It was featured alongside other well-known malware samples such as the DarkGate infostealer, Ducktail, and Redline in deceptive campaigns where it was embedded into fake Windows 11 upgrade installers. The malware is known to be distributed through malvertising, with threat groups using these techniques to pass off backdoors such as Lobshot as legitimate software. The campaigns involving Lobshot have shown a high level of sophistication, suggesting the possible involvement of a single actor or group across multiple operations. For instance, Lobshot, along with DarkGate, Ducktail, and Redline Stealer, was deployed by a Vietnam-based cybercrime group targeting English-language Facebook business accounts in a campaign aimed at digital marketing firms in the U.S., UK, and India. This group used these malware families in conjunction with Malware-as-a-Service (MaaS) toolkits to infect victims with Remote Access Trojans (RATs) and additional info-stealing malware. Beyond its use in broad campaigns, Lobshot's stealth and remote access capabilities make it a significant threat to individual users and businesses alike. Its association with other malware families such as Ducktail, which is used to steal Facebook business accounts, and Redline, which collects information about infected devices, underscores the multifaceted nature of the threats posed by these coordinated cybercrime efforts. As such, heightened vigilance and robust cybersecurity measures are necessary to mitigate the risks associated with Lobshot and similar malware.
Description last updated: 2024-05-04T21:28:02.652Z
Aliases: none currently tracked
Miscellaneous Associations (other elements of context that could aid in the identification of relevance): Malware, Windows, Trojan, Malvertising, Infostealer, Cybercrime
Associated Malware
ID              | Type        | Votes | Profile Description
Darkgate        | Unspecified | 3     | DarkGate is a malicious software (malware) designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. Once embedded in a system, DarkGate can steal personal information, disrupt operations, or hold data for ransom. Recently, the malware was
Redline Stealer | Unspecified | 3     | RedLine Stealer is a malicious software (malware) that infiltrates computer systems and devices, often unbeknownst to users. The malware can infect systems through suspicious downloads, emails, or websites, causing significant damage by stealing personal information, disrupting operations, or even h
Redline         | Unspecified | 2     | RedLine is a notorious malware that has been widely used by cybercriminals to steal sensitive information. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can cause significant damage by stealing personal data or disrupting operations. RedLine's conf
Ducktail        | Unspecified | 2     | "Ducktail" is a malicious software (malware) first observed in 2022, specifically designed to target Facebook business accounts. The malware was discovered by Zscaler, a leading cybersecurity firm, and it's suspected to originate from threat actors based in Vietnam. Ducktail not only infiltrates sys
Associated Threat Actors
ID    | Type        | Votes | Profile Description
TA505 | Unspecified | 3     | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec
Source Document References
Information about the Lobshot malware was read from the document corpus below (display limited to 20 results).
Source                | Created       | Title
CERT-EU               | 10 months ago | Vietnamese hackers attack UK, US and India with DarkGate malware
DARKReading           | a year ago    | Ducktail Infostealer, DarkGate RAT Linked to Same Threat Actors
BankInfoSecurity      | a year ago    | Vietnamese Hackers Hit Digital Marketers With Info Stealers
CERT-EU               | a year ago    | Hackers target US Facebook biz accounts with potent malware cocktail
CERT-EU               | a year ago    | Vietnamese Hackers Hit Digital Marketers With Info Stealers
BankInfoSecurity      | a year ago    | Vietnamese Hackers Hit Digital Marketers With Infostealers
CERT-EU               | a year ago    | DarkGate attacks linked to Vietnam-based cyber criminals – Global Security Mag Online
CERT-EU               | a year ago    | Researchers uncover DarkGate malware's Vietnamese connection - Help Net Security
InfoSecurity-magazine | a year ago    | DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals
CERT-EU               | a year ago    | Stealthy 'LabRat' Campaign Abuses TryCloudflare to Hide Infrastructure
CERT-EU               | a year ago    | New hVNC macOS Malware Advertised on Hacker Forum
CERT-EU               | a year ago    | New LOBSHOT Malware Deployed Via Google Ads
Securityaffairs       | a year ago    | New Lobshot hVNC malware spreads via Google ads
CERT-EU               | a year ago    | New Lobshot hVNC malware spreads via Google ads | IT Security News
CERT-EU               | a year ago    | Russian cybercriminals spread new Lobshot banking trojan via Google ads
DARKReading           | a year ago    | Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor
CERT-EU               | a year ago    | LOBSHOT: a Covert, Info-Stealing Malware on the Loose
CERT-EU               | a year ago    | New Malware Granting Threat Actors Hidden VNC Access
CERT-EU               | a year ago    | Fleckpe malware infects 620,000 Android handsets via Google Play