Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials

A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA.

Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA, DEEPPOST, and LightSpy.

"DEEPDATA is a modular post-exploitation tool for the Windows operating system that is used to gather a wide range of information from target devices," security researchers Callum Roxan, Charlie Gardner, and Paul Rascagneres said Friday.

The malware first came to light earlier this week, when BlackBerry detailed the Windows-based surveillance framework as used by the China-linked APT41 threat actor to harvest data from WhatsApp, Telegram, Signal, WeChat, LINE, QQ, Skype, Microsoft Outlook, DingDing, Feishu, KeePass, as well as application passwords, web browser information, Wi-Fi hotspots, and installed software.

See more: https://thehackernews.com/2024/11/warning-deepdata-malware-exploiting.html

nostr:nevent1qqs97rpez3s0sjds4et5twsr344sqtazj8hn7hce4l9xfmaa0nfylaspzpmhxue69uhkummnw3ezumt0d5hsygqkl5n0qqz57es4r34a0yj7mm6ptpss8tce63zlj0mx7h3ykdzz0gpsgqqqqqqsrly7l4