http://5cjzn74dpcafedj4dngccvyvtmo7bgtmzibyurfc7lkff6q7ep4quwad.onion/a-new-malware-campaign-is-using-the-satacom-downloader-to-steal-cryptocurrency
The campaign targets users of Coinbase, Bybit, KuCoin, Huobi, and Binance, primarily located in Brazil, Algeria, Turkey, Vietnam, Indonesia, India, Egypt, and Mexico. The Satacom downloader, also known as Legion Loader, first surfaced in 2019 as a dropper for next-stage payloads, including information stealers and cryptocurrency miners.