Intrusions involving fake brand collaborations have been launched to compromise the accounts of up to 200,000 YouTube creators as part of a new ongoing attack campaign, Cybernews reports.
Yet-to-be-identified threat actors have leveraged more than 300 SMTP servers to automate the distribution of phishing emails purporting to be business proposals, contracts, or promotional materials from widely known brands, according to an analysis from CloudSEK. Clicking the link within the attachments redirects the recipient to OneDrive, where the Lumma Stealer can be downloaded. "Once downloaded, the malware can steal sensitive information, including login credentials and financial data, while also granting attackers remote access to the victim's systems," said CloudSEK Cyber Threat Analyst Mayank Sahariya, who also observed attackers sending 500 to 1,000 emails through a single email address. Meanwhile, nearly 50 antivirus vendors have already flagged the "Digital Agreement Terms and Payments Comprehensive Evaluation.exe" executable as malicious.