Threat actors are distributing a variety of information stealers, including Vidar, Lumma Stealer (also known as LummaC2), RecordBreaker (also known as Raccoon Stealer V2), and Rescoms, through a new malware loader. Cybersecurity company ESET tracks the loader as Win/TrojanDownloader.Rugmi.
“This malware is a loader with three types of components: a downloader that downloads an encrypted payload, a loader that runs the payload from internal resources, and another loader that runs the payload from an external file on the disk,” the company stated in its Threat Report H2 2023.
According to the company’s telemetry data, the number of Rugmi loader detections increased dramatically between October and November of 2023, going from a single-digit daily total to hundreds.