WARMCOOKIE Backdoor: Rising via Recruitment-Themed Phishing

Summary:

A newly discovered Windows malware called ‘WARMCOOKIE’ is being spread through phishing campaigns disguised as job offers. WARMCOOKIE serves as an initial backdoor, used to explore victim networks and deploy further malicious payloads. Each instance is compiled with a hard-coded C2 IP address and RC4 key. Its capabilities include fingerprinting victim machines, capturing screenshots, and deploying additional payloads.
 

Threat Level – Red | Attack Report

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.