Expanded attacks deployed by SideWinder APT

SideWinder attacks begin with spear-phishing emails that deliver a ZIP file containing a malicious LNK file or an Office document. Either one triggers a multi-stage infection chain involving JavaScript malware and the Backdoor loader module, which ultimately deploys the sophisticated .NET-based StealerBot payload, according to a report from Kaspersky. Besides capturing screenshots, logging keystrokes, exfiltrating browser passwords, and stealing files, StealerBot also enables remote desktop credential compromise, Windows credential phishing, and further malware injections.

Source: SC Magazine

 

