Ande Loader Leads to 0bj3ctivity Stealer Infection
In July 2024 eSentires Threat Response Unit observed a phishing attack leading to a 0bj3ctivity Stealer malware infection. The attack involved a malicious JavaScript file that retrieved and executed Ande Loader and the 0bj3ctivity Stealer. Ande Loader created persistence downloaded additional payloads and performed process injection. The 0bj3ctivity Stealer exfiltrated data from various browsers and messengers to Telegram servers or SMTP including credentials credit card information and system details. The attack utilized obfuscation anti-analysis techniques and a multi-stage delivery mechanism to evade detection.