Phemedrone Stealer

Malware updated a month ago (2024-10-17T12:01:51.014Z)
Phemedrone Stealer is malicious software (malware) that infiltrates systems to exploit and damage them, often stealing personal information or disrupting operations. It can infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. It was observed being used in attacks that targeted the Windows Defender SmartScreen vulnerability CVE-2023-36025 earlier in the year. The core functionality of another malware family, Styx Stealer, was found to be copied entirely from Phemedrone Stealer, indicating its significant influence in the cybercrime landscape. Through comparative analysis of several versions of Phemedrone Stealer and Styx Stealer, researchers found multiple features present in Phemedrone Stealer that were absent from Styx Stealer. For instance, Phemedrone Stealer version 2.1.1, dated September 1, 2023, contained functionality not found in the analyzed Styx Stealer sample. These findings suggest that the Styx Stealer code is based on an early version of Phemedrone Stealer released before September 2023. The latest versions of Phemedrone Stealer have evolved to include more sophisticated features, such as a unique tagging feature and the ability to send stolen data to Telegram, encrypted with a unique key for each campaign. These advancements demonstrate the continuous development and adaptation of this malware and emphasize the need for robust defensive measures to counter such threats.
Description last updated: 2024-10-17T12:00:14.209Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias: Phemedrone (5 votes)
Description: Phemedrone is a possible alias for Phemedrone Stealer. Phemedrone is a type of malware, or malicious software, that can infiltrate systems through various channels such as suspicious downloads, emails, or websites. Once inside a system, it can wreak havoc by stealing personal information, disrupting operations, or even holding data hostage for ransom. I
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Windows
Vulnerability
Malware
Exploit
Payload
Discord
Telegram
Styx
Ransomware
Encryption
Analyst Notes & Discussion
Associated Vulnerabilities
Vulnerability: CVE-2023-36025 (association type: Unspecified; 6 votes)
Description: The CVE-2023-36025 Vulnerability is associated with Phemedrone Stealer. CVE-2023-36025 is a significant vulnerability identified in the Windows SmartScreen security feature. It was one of three zero-day vulnerabilities discovered, with the others being CVE-2023-36033, a privilege escalation vulnerability in the Windows DWM Core Library, and CVE-2023-36036, another privi

Vulnerability: Windows Defender SmartScreen Bypass (association type: Unspecified; 2 votes)
Description: The Windows Defender SmartScreen Bypass Vulnerability is associated with Phemedrone Stealer. The Windows Defender SmartScreen Bypass (CVE-2023-36025) is a significant vulnerability in the design and implementation of Microsoft's software. This flaw allows malicious actors to evade defensive mechanisms, enabling them to infiltrate systems undetected. The vulnerability has been exploited exte
Source Document References
Information about the Phemedrone Stealer malware was read from the documents corpus below (display limited to 20 results).

Source (created):
- DARKReading (3 months ago)
- Checkpoint (3 months ago)
- CERT-EU (10 months ago)
- InfoSecurity-magazine (5 months ago)
- CERT-EU (10 months ago)
- Securityaffairs (10 months ago)
- CERT-EU (10 months ago)
- CERT-EU (10 months ago)
- CERT-EU (10 months ago)
- InfoSecurity-magazine (10 months ago)
- CERT-EU (10 months ago)
- CERT-EU (10 months ago)
- CERT-EU (10 months ago)
- Trend Micro (10 months ago)
- CERT-EU (8 months ago)