Typosquatted domains mimicking legitimate sites have been leveraged to host the MSIX installers, which not only spoof Zoom, KeePass, Steam, and other popular software but also facilitate script execution prior to app deployment.
Ukraine's Computer Emergency Response Team reported that Vermin, a pro-Russia threat operation associated with the Luhansk People's Republic, launched a new hacking campaign involving the novel Firmachagent malware and the known Spectr spyware.
Banshee Stealer has been advertised as capable of stealing data from almost 100 browser extensions, iCloud Keychain credentials, and Notes, according to an Elastic Security Labs analysis.
The Tusk operation has comprised nearly 20 sub-campaigns, three of which remain active and use a Dropbox-hosted initial downloader to deliver infostealers that compromise personal and financial information, an analysis from Kaspersky revealed.
Attacks commence with the delivery of fraudulent business- or finance-related documents which, when executed, open the default app for Word documents while also establishing a mutex and altering registry entries to ensure persistence.
Intrusions commenced with email bombing followed by phone calls that lured targets into downloading AnyDesk, which was then used to deploy next-stage information-stealing payloads, including the AntiSpam.exe executable and the SystemBC loader.
Aside from spearheading Reveton, the first-ever ransomware-as-a-service operation, in 2011 along with co-conspirators also charged in the U.S., Silnikau also led the Angler exploit kit, which had been leveraged in malvertising campaigns against U.S.-based firms.
Attacks commenced with the delivery of malicious emails purportedly from the SSU that requested the submission of certain required documents and included hyperlinks to a Documents.zip archive which, when clicked, would trigger an MSI file that installed the malware.