We have seen DirtyMoe being spread by various exploit kits such as PurpleFox or via injected installers, for example, as seen for Telegram’s installer. However, one of the DirtyMoe modules also implements worming techniques to spread itself. In this next DirtyMoe series, we will dissect this module...
After peeling away the MehCrypter’s layers in the first part of our blog series, we felt there was no other choice than to dive even deeper into the Meh password stealer payload and all its functionalities.