Self-Spreading Worm CMoon Steals Data from Russian Users and Companies

Since early July 2024, a newly identified self-spreading worm named 'CMoon' has been circulating in Russia through a compromised website of a gas supply company. Researchers at Kaspersky, who uncovered the campaign, report that CMoon is capable of pilfering account credentials and other sensitive data. The worm exhibits multifaceted functionalities such as deploying additional payloads, capturing screenshots, and orchestrating distributed denial of service (DDoS) attacks. The choice of distribution channel by threat actors suggests a targeted approach towards high-value entities rather than indiscriminate internet users, underscoring the sophistication of their operation. Read more...