Cyber Web Spider Blog – News

CRESCENTHARVEST Malware Targets Iran Protesters

Posted on February 18, 2026 By CWS

A new cyber threat campaign known as ‘CRESCENTHARVEST’ has emerged, exploiting the ongoing political unrest in Iran. This operation specifically targets individuals supporting or involved in protests, using advanced techniques to infiltrate and steal sensitive information.

How CRESCENTHARVEST Operates

The campaign utilizes social engineering methods to deploy malware that serves as both a remote access trojan (RAT) and an information stealer. Attackers strategically mimic legitimate protest-related content to gain the trust of their targets, thereby accessing sensitive systems.

The infection process starts with an archive containing seemingly authentic protest-related media. Victims encounter malicious .LNK files disguised as video or image files, which, when executed, deploy the malware payload while displaying decoy content to avoid detection.
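For triage of a received archive, the check below lists shortcut files that pose as media, as described above. It is an added example, not code from the article or from Acronis; the function names and the sample archive contents are constructed for illustration.

```python
import io
import zipfile

# Shell Link header per MS-SHLLINK: HeaderSize 0x0000004C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 in little-endian layout.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
MEDIA_EXTS = (".mp4", ".mov", ".avi", ".mkv", ".jpg", ".jpeg", ".png", ".gif")


def find_disguised_shortcuts(archive_bytes):
    """Return (member, reason) pairs for shortcuts found in a ZIP archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                is_lnk = fh.read(len(LNK_MAGIC)) == LNK_MAGIC
            name = info.filename.lower()
            stem, _, ext = name.rpartition(".")
            # Explorer never displays ".lnk", so "clip.mp4.lnk" shows as "clip.mp4".
            if ext == "lnk" and stem.endswith(MEDIA_EXTS):
                findings.append((info.filename, "media name hiding a .lnk extension"))
            elif is_lnk and name.endswith(MEDIA_EXTS):
                findings.append((info.filename, "shortcut content under a media extension"))
            elif is_lnk:
                findings.append((info.filename, "shortcut file inside archive"))
    return findings


def build_sample_archive():
    """Constructed sample: member names and contents are made up for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("footage/rally_clip.mp4.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("footage/banner.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("footage/notes.txt", b"constructed sample text")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in find_disguised_shortcuts(build_sample_archive()):
        print(f"{member}: {reason}")
```
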

Technical Sophistication of the Malware

Analysts from Acronis have discovered that the malware employs DLL sideloading: a signed Google executable, software_reporter_tool.exe, is used to load malicious libraries. This technique allows attackers to capture keystrokes, execute commands, and exfiltrate critical data such as browser credentials and Telegram session files.

The primary goal of this campaign is long-term surveillance and intelligence gathering. It targets individuals sympathetic to the opposition, suggesting that the actors behind it may have state-level resources and objectives.

Evading Security Measures

A notable feature of CRESCENTHARVEST is its ability to bypass Chrome’s App-Bound Encryption. The malware uses a custom DLL to interact with the browser’s internal COM interfaces, requesting decryption services from the operating system to extract sensitive data.

This module locates the Local State file in the user’s AppData directory to extract encryption keys. By using the CoCreateInstance function, it tricks the system into decrypting these keys, allowing attackers to steal saved credentials, cookies, and browsing history.

To mitigate such risks, cybersecurity experts advise users to employ hardware security keys and exercise caution with unsolicited files. Organizations should also monitor for unusual COM object activity and validate signed binaries to detect such evasion techniques.
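One way to act on the advice to validate signed binaries is to check where the signed loader runs from and what it loads. The sketch below is an added example, not from the article or from Acronis; the records are constructed and use Sysmon image-load (Event ID 7) field names, and the expected install directory, version folder and DLL names are assumptions to replace with your own baseline.

```python
import ntpath

HOST_BINARY = "software_reporter_tool.exe"  # signed loader named in the article
# Assumption: the directory the tool normally runs from; tune to your fleet.
EXPECTED_DIR_PART = "\\google\\chrome\\user data\\swreporter\\"

# Constructed sample records (paths, version folder and DLL names are made up).
EVENTS = [
    {"Image": r"C:\Users\a\AppData\Local\Google\Chrome\User Data\SwReporter\1.0\software_reporter_tool.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\a\AppData\Local\Temp\media\software_reporter_tool.exe",
     "ImageLoaded": r"C:\Users\a\AppData\Local\Temp\media\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\shell32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
]


def sideload_findings(events):
    """Flag image loads by the signed host binary that look like sideloading."""
    findings = []
    for ev in events:
        image, loaded = ev["Image"], ev["ImageLoaded"]
        if ntpath.basename(image).lower() != HOST_BINARY:
            continue
        reasons = []
        # A valid signature on the host says nothing about where it was copied to.
        if EXPECTED_DIR_PART not in image.lower():
            reasons.append("host binary outside expected directory")
        same_dir = ntpath.dirname(loaded).lower() == ntpath.dirname(image).lower()
        trusted = ev["Signed"] == "true" and ev["SignatureStatus"] == "Valid"
        if same_dir and not trusted:
            reasons.append("untrusted DLL loaded from host binary's folder")
        if reasons:
            findings.append((image, loaded, reasons))
    return findings


if __name__ == "__main__":
    for image, loaded, reasons in sideload_findings(EVENTS):
        print(f"{image} -> {loaded}: {'; '.join(reasons)}")
```
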
