Hundreds of cyberattacks daily have been spreading the novel Rugmi malware loader in October and November, representing a significant increase from the single-digit daily detections of the trojan beforehand, The Hacker News reports.
Threat actors have used Rugmi, which contains a downloader for the encrypted payload and two other loaders, to distribute various information-stealing malware, including Vidar, RecordBreaker or Raccoon Stealer V2, Lumma Stealer or LummaC2, and Rescoms, according to a report from ESET.
Meanwhile, Lumma Stealer has also been observed not only to derive from the codebases of the Vidar, Mars, and Arkei stealers but also to integrate updated functionality for evading security systems.
"Ready-made malware solutions contribute to the proliferation of malicious campaigns because they make the malware available even to potentially less technically skilled threat actors. Offering a broader range of functions then serves to render Lumma Stealer even more attractive as a product," said ESET.
Malicious updates have been recently issued to the Python Package Index package "django-log-tracker," which was last modified in April 2022, to facilitate the distribution of the Nova Sentinel information-stealing malware, The Hacker News reports.