BleepingComputer reports that fake copyright infringement warnings using Yandex Forms are being leveraged for IcedID malware distribution.
Threat actors impersonating Zoho have sent BleepingComputer a copyright infringement complaint noting that the site has been using copyrighted images and that the proof of the violation could be checked through a Yandex Forms link, instead of Google Drive or Google Sites. Clicking the Yandex Forms link in the complaint would redirect to a webpage with a "File 'Stolen Images Evidence' is ready for download" message that would eventually result in the download of an ISO file with the "Stolen_ImagesEvidence.iso" filename.
Users double-clicking on the downloaded file will be shown a new drive letter with a "documents" folder and a random DLL file, with the folder being a Windows shortcut that would trigger the execution of a malicious DLL loader for IcedID upon double-clicking.
Individuals receiving copyright complaints have been advised to be more vigilant and leverage VirusTotal for suspicious file scanning.
Malicious GitHub pages and YouTube videos containing links for purported cracked office software, automated trading bots, and game cheats, have been leveraged to facilitate the download of self-extracting password-protected archives.
While threat actors continued to impersonate employers on job search platforms to lure software developers into participating in an online interview that would be followed by BeaverTail malware compromise, more recent attacks entailed the deployment of a new Qt-based BeaverTail version that enabled browser credential and cryptocurrency wallet data exfiltration.
The U.S. Department of Justice announced that Ukrainian national Mark Sokolovsky, also known as raccoon-stealer, black21jack77777, and Photix, has admitted guilt in operating the Raccoon Infostealer malware-as-a-service operation.