Intrusions involved the delivery of phishing emails with malicious RAR or ISO attachments: the RAR archives triggered direct DBatLoader execution, while the ISO images concealed a Windows batch script alongside a DBatLoader executable masquerading as a PEM-encoded certificate revocation list.
Intrusions commence with the delivery of phishing emails carrying an HTML file which, when opened, displays a spoofed OneDrive connection failure notice offering "How to fix" and "Details" options, according to a Trellix analysis.
Malicious Android APKs with the stealer malware have been spread not only via malvertising but also through 2,600 Telegram bots that seek targets' phone numbers in exchange for the APK file.
Ukraine's Computer Emergency Response Team reported that organizations across the country have been targeted by the Belarus-linked advanced persistent threat group GhostWriter, also known as UAC-0057, in attacks distributing the PicassoLoader malware, Security Affairs reports.
Threat actors have leveraged the new Gh0stGambit dropper to distribute the Gh0st RAT malware in drive-by download attacks against Chinese Windows users, The Hacker News reports.
Hackread reports that the widely known threat actor USDoD posted a 103,000-line indicator-of-compromise list attributed to CrowdStrike on Breach Forums, following the hacker's claims last week of having exfiltrated the U.S. cybersecurity firm's complete threat actor list.