Threat Alert

by IthacaLabs™

THREAT LEVEL/High 10/07/2023

Credential/Info Stealing Malware Families are targeting Cypriot Citizens

Threat Level Description

Threat Level: High – An attack is highly likely. Additional and sustainable protective security measures are warranted, reflecting the broad nature of the threat combined with specific business and geographical vulnerabilities and judgments on acceptable risk.

Description

There are various indications suggesting that active malware campaigns are on the rise and targeting Cypriot citizens and organizations.

More specifically, these types of malware are credential/information stealers, and the passwords of users associated with a number of Government portals and Financial institutions have been leaked to the DarkNet.

Two malware families seem to be more actively leveraged in these campaigns:

• Raccoon Stealer is malware that gathers personal information including passwords, browser cookies and autofill data, as well as crypto wallet details. Additionally, Raccoon Stealer records system information such as IP addresses and geo-location data.

• RedLine Stealer, first seen around March 2020, is a powerful data collection tool capable of extracting login credentials from a wide range of sources, including web browsers, FTP clients, email apps, Steam, instant messaging clients, and VPNs.

The leaked credentials are distributed in several DarkNet forums and, when accessed and used, can disclose sensitive information of the unsuspecting users, such as financial status, tax information, personal information and more.

CVE(s)

N/A

Affected Systems

• Microsoft Windows

Recommendation(s)

• Users should apply all security patches to their operating systems and to the software they use.

• Users should install antivirus protection on their systems and scan them periodically.

• Vendors should provide and enforce MFA on portals that hold sensitive/personal information.

• Users should enable MFA on portals that provide this functionality.

• Vendors should force users to change their passwords periodically, following best practices for passwords.

• Users should change their passwords periodically.
