1. Threat Overview
A webpage impersonating Claude is associated with possible ACR Stealer malware and targets users with a phishing attack, likely via drive-by download or spear phishing.
2. Key Intelligence Points
   1. The threat is impersonating ACR Stealer, a type of information stealer malware.
   2. The attack targets users globally, with a focus on phishing attacks via drive-by download or spear phishing.
   3. The attack chain involves a webpage impersonating Claude, which likely leads to the download of the malware.
   4. Detection opportunities include monitoring for suspicious network traffic and unusual registry modifications.
3. MITRE ATT&CK Techniques
T1566.001 Spearphishing Attachment, T1204 User Execution
4. Indicators of Compromise (IOCs) / Affected Systems
ACR Stealer malware, Claude impersonation webpage, suspicious network traffic, registry modifications
5. Mitigation & Detection
Implement a web filter to block access to the impersonation webpage and ensure users are aware of the phishing attack. Additionally, ensure all software and systems are up to date with the latest security patches.