A sophisticated infostealer known as DarkCloud Stealer is being distributed by threat actors in a number of spam campaigns. The malware operates through a multi-stage procedure and can capture sensitive information from a victim’s computer or mobile device.
The first step in the infection chain is a phishing email with a malicious link or attachment. The email presents itself as coming from a reputable organisation, such as an online retailer or a supplier to businesses. Once executed on the victim device, the malware transfers itself into the system directory and adds a task scheduler entry to ensure persistence.