![](\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjQtMTIvMDE5MzhjYWYtMDEwMC03MGRiLWFkZGYtZGJmMTkxODA2YzYz.jpg\")
\n <\/p>\n\n \n <\/p>\n
The malware, LOSTKEYS, can steal files from hard-coded extensions and directories, according to Google.<\/p>\n
Threat group COLDRIVER is using new malware to steal documents from Western targets, according<\/a> to a May 7 report from Google Threat Intelligence. The malware, called LOSTKEYS, shows the evolution of the group from credential phishing to more sophisticated attacks.<\/p>\n According to the Google report, the new malware is installed through four steps. The process involves a \u201clure website\u201d with a fake CAPTCHA, a PowerShell script download<\/a>ed to the user\u2019s clipboard, some device evasion, and retrieval of the final payload. Lastly, the malware is installed.<\/p>\n LOSTKEYS is capable of stealing files from extensions and directories. It can also send system information and running processes back to COLDRIVER. The address from which the parts of the attack come is \u201c165.227.148[.]68\u201d according to Google.<\/p>\n Read more<\/p>\n<\/p>\n If you liked the article, do not forget to share it with your friends. Follow us on\u00a0Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n If you want to read more News<\/a> articles, you can visit our General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n\n