Desert Dexter targets 900 victims using Facebook ads and Telegram malware links


March 10, 2025Ravi LakshmananData Theft/Cryptocurrency


The Middle East and North Africa have been the target of a new campaign since September 2024 that delivers a modified version of a known malware called AsyncRAT.

“The campaign to distribute malware using social media is related to the current geopolitical climate of the region,” Klimentiy Galkin and Stanislav Pyzhov said in an analysis released last week. “Attackers will host malware on legitimate online file sharing accounts or Telegram channels specially configured for this purpose.”

The campaign is estimated to have claimed around 900 victims since fall 2024, the Russian cybersecurity company added, demonstrating its widespread nature. The majority of the victims are in Libya, Saudi Arabia, Egypt, Turkey, the United Arab Emirates, Qatar and Tunisia.

The activity, attributed to a threat actor called Desert Dexter, was discovered in February 2025. It involves creating temporary accounts and news channels, mainly on Facebook. These accounts are used to publish advertisements that contain links to file sharing services or Telegram channels.


The links redirect users to a version of the AsyncRAT malware that has been modified to include an offline keylogger, search for 16 different cryptocurrency wallet extensions and applications, and communicate with a Telegram bot.

The kill chain starts with a RAR archive containing either a batch script or a JavaScript file, which is programmed to run a PowerShell script that is responsible for triggering the second stage of the attack.

Specifically, the script terminates processes associated with various .NET services that may prevent the malware from starting, deletes files with the extensions BAT, PS1, and VBS from the “C:\ProgramData\Windowshost” and “C:\Users\public” folders, and creates a new VBS file, together with BAT and PS1 files, in those folders.

The script then establishes persistence on the system, collects system information and exfiltrates it to a Telegram bot, takes a screenshot, and finally launches the AsyncRAT payload by injecting it into the “ASPNET_COMPILER.EXE” executable.
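
The host artifacts described above (script files written to the two staging folders, and Telegram bot traffic from processes that normally have none) can be combined into a simple triage check. The following Python code is an added example, not code from the researchers' analysis; the event format, the list of watched processes, the use of the public Bot API hostname api.telegram.org as the indicator, and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Staging folders and script extensions named in the article (compared case-insensitively).
STAGING_DIRS = {r"c:\programdata\windowshost", r"c:\users\public"}
SCRIPT_EXTS = {".bat", ".ps1", ".vbs"}
# Assumption: processes with no routine reason to contact the Telegram Bot API.
WATCHED_IMAGES = {"powershell.exe", "aspnet_compiler.exe", "wscript.exe"}
TELEGRAM_API = "api.telegram.org"  # public Bot API hostname


def classify(event):
    """Return a finding label for one event dict, or None if nothing matches."""
    image = ntpath.basename(event.get("image", "")).lower()
    if event["type"] == "file_create":
        # Only direct children of the staging folders count, not subfolders.
        folder, name = ntpath.split(event["target"].lower())
        if folder in STAGING_DIRS and ntpath.splitext(name)[1] in SCRIPT_EXTS:
            return "script-dropped-in-staging-dir"
    elif event["type"] == "dns_query":
        if event["query"].lower().rstrip(".") == TELEGRAM_API and image in WATCHED_IMAGES:
            return "telegram-bot-traffic-from-unusual-process"
    return None


def triage(events):
    """Group findings per host; a host showing both findings is high priority."""
    hosts = {}
    for ev in events:
        label = classify(ev)
        if label:
            hosts.setdefault(ev["host"], set()).add(label)
    return {h: ("high" if len(f) == 2 else "review", sorted(f)) for h, f in hosts.items()}


# Constructed sample events in a hypothetical normalized format (not from the report).
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "file_create", "target": r"C:\Users\Public\run.ps1",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"host": "ws-01", "type": "dns_query", "query": "api.telegram.org",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"},
    {"host": "ws-02", "type": "file_create", "target": r"C:\Users\Public\Documents\notes.vbs",
     "image": r"C:\Windows\explorer.exe"},
    {"host": "ws-03", "type": "dns_query", "query": "api.telegram.org",
     "image": r"C:\Program Files\Telegram\Telegram.exe"},
    {"host": "ws-04", "type": "file_create", "target": r"C:\ProgramData\WindowsHost\start.vbs",
     "image": r"C:\Windows\System32\wscript.exe"},
]

if __name__ == "__main__":
    for host, (priority, findings) in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, priority, findings)
```

A script file in one of these folders is weak evidence on its own, which is why a single finding is only marked for review; the pairing with Telegram traffic from a .NET or script-host process is what raises the priority.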

It is currently unknown who is behind the campaign, although Arabic-language comments in the JavaScript files hint at their possible origin.

Further analysis of the messages sent to the Telegram bot revealed a screenshot, named “Dextermsi,” of the attacker’s own desktop. It features a PowerShell script and a tool named Luminosity Link RAT. Also present in the Telegram bot is a link to a Telegram channel named “Dexterlyly,” suggesting that the threat actor may be from Libya. The channel was created on October 5th, 2024.

“The majority of victims are ordinary users, including employees in the following sectors: oil production, construction, information technology, [and] agriculture,” the researchers said.


“The tools Desert Dexter uses aren’t particularly sophisticated. However, the combination of Facebook ads and legal services and references to geopolitical circumstances has caused many devices to be infected.”

This development comes as Qianxin revealed details of a spear-phishing campaign called the Sea Sightseeing Operation. It has been found to target Chinese scientific research institutions with the aim of delivering a backdoor that can harvest sensitive information related to marine science and technology.

This activity is attributed to a cluster named UTG-Q-011, a subset within another hostile group called the CNC group, which shares tactical overlap with Patchwork, a threat actor from India.
