The malware's attack chain. (Source: Trend Micro)

Researchers from security firm Trend Micro have found a new infostealer malware strain, written in the AutoHotkey programming language, that is capable of stealing banking credentials from different web browsers.
The campaign, which began earlier this year, has been active across the U.S. and Canada and has targeted the customers of Scotia Bank, PayPal, Royal Bank of Canada, Capital One and HSBC, among other banks. “In mid-December, we discovered a campaign that distributed a credential stealer. By tracking the campaign components, we found out that its activity has been occurring since early 2020,” Trend Micro notes. “Our telemetry tracked the malware's command-and-control servers and determined that these come from the U.S., the Netherlands, and Sweden. We also learned that the malware has been targeting financial institutions in the US and Canada.”