SapphireStealer Distributed Through A Fake Russian Government Website
Researchers discovered an executable file obtained from a deceptive URL posing as a fake Russian government site potentially spread through spam emails. This file identified as SapphireStealer masquerades as a PDF document to trick users. Upon execution it drops and displays a fake PDF while secretly collecting sensitive information like browser credentials and network cookies. The pilfered data is then sent to a command-and-control server in a compressed ZIP file.