Fraudulent Google ads for the WinSCP and PuTTy utilities have been leveraged to attempt ransomware distribution as part of a malvertising campaign against Windows system administrators, reports BleepingComputer.
Click for more special coverage
Attackers used typosquatted domain names for the fake WinSCP and PuTTy sites, which included links that redirected to legitimate sites and downloaded ZIP archives, which contain a malicious DLL that facilitates the deployment of the Sliver post-exploitation toolkit to deliver Cobalt Strike beacons and other payloads for initial network access, according to a Rapid7 report. Researchers also noted threat actors' attempted data exfiltration and ransomware distribution activities, which were eventually thwarted."The related techniques, tactics, and procedures (TTP) observed by Rapid7 are reminiscent of past BlackCat/ALPHV campaigns as reported by Trend Micro last year," said Rapid7 researcher Tyler McGraw.
Such an incident comes amid mounting malvertising campaigns exploiting widely used software, including AnyDesk, VLC, Malwarebytes, MSI Afterburner, 7-Zip, CCleaner, Brave, and Grammarly.
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Dark web carding market BidenCash has exposed 910,380 stolen credit card details on the XSS cybercrime forum in a bid to tout their "anti-public system" mechanism that ensures the absence of already-circulated cards from the marketplace, Hackread reports.
SecurityWeek reports that the Oregon Department of Environmental Quality had more than 2.5 TB of data claimed to have been compromised by the Rhysida ransomware operation in an attack last week following the agency's assertion that none of its data had been impacted by the incident.
Newly emergent artificial intelligence-based presentation tool Gamma has been exploited in multi-stage phishing attacks involving redirections to fake Microsoft login pages, reports The Hacker News.
