OTX Bot<p>Part 2: Compromised WordPress Pages and Malware Campaigns</p><p>This analysis focuses on malware campaigns linked to Proton66, particularly those targeting Android devices through compromised WordPress websites. The threat actors used redirector scripts to target users from various countries, mimicking the Google Play Store. Additionally, the XWorm campaign targeted Korean-speaking users through fake investment chat rooms. The Strela Stealer targeted email clients in German-speaking countries, while the WeaXor ransomware, a revised version of Mallox, was also observed. The report details the infection chains, provides IOCs, and recommends blocking CIDR ranges associated with Proton66 and Chang Way Technologies to mitigate risks.</p><p>Pulse ID: 6826fc8026d322f4d963e574<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6826fc8026d322f4d963e574" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6826f</span><span class="invisible">c8026d322f4d963e574</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-05-16 08:51:12</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a> <a href="https://social.raytec.co/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://social.raytec.co/tags/GooglePlay" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GooglePlay</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Korea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Korea</span></a> <a href="https://social.raytec.co/tags/Mallox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mallox</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/Mimic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mimic</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RDP</span></a> <a href="https://social.raytec.co/tags/RansomWare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RansomWare</span></a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Word</span></a> <a href="https://social.raytec.co/tags/Wordpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Wordpress</span></a> <a href="https://social.raytec.co/tags/Worm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Worm</span></a> <a href="https://social.raytec.co/tags/XWorm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XWorm</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>