
Novel payloads distributed in latest CopperStealer operator attacks

Financially motivated threat operation Water Orthus, which was behind the CopperStealer malware, has reemerged with new attacks deploying the novel CopperStealth and CopperPhish payloads, reports The Hacker News. Water Orthus' CopperStealth attack campaign commenced in March and involved the use of free software installers to facilitate the distribution and loading of a rootkit, which then prompts payload injection, according to a report from Trend Micro. Meanwhile, attacks with CopperPhish, which were identified the following month, involved the exploitation of file-sharing sites' PPI networks to enable the delivery of the phishing kit, which has credit card data collection capabilities. "The credential verification and confirmation code are two useful features that make this phishing kit more successful, as the victim cannot simply close the window or enter fake information just to get rid of the window," said researchers, who have attributed both CopperStealth and CopperPhish to Water Orthus due to their source code similarities with CopperStealer.
