Intrusions commenced with the delivery of phishing emails with RAR archives deploying a backdoor that facilitated the injection of the APT31-linked GrewApacha trojan, as well as a new version of the CloudSorcerer malware that bypasses detection through VMProtect.
Zero-day detection hits for SnakeKeylogger reached hundreds, with the trojan attempting communications with numerous outside servers, according to an alert from Fortinet's FortiGuard Labs.
While most of the intrusions involved websites spoofing a leading e-commerce platform and power tools maker, as well as fake sales offers for widely used products, attackers also leveraged fake Facebook user comments to facilitate the scheme.
Threat actors leveraged smishing campaigns to deploy BingoMod in the guise of mobile security tools, such as APP Protection, AVG AntiVirus & Security, and WebSecurity.
New DEV#POPPER attacks involved the utilization of interview lures to developers aimed at distributing a ZIP archive file, which when executed triggers the BeaverTail malware.