Threat actors exploiting Salesforce's automated mailing service sent malicious emails with fake Facebook logos warning of copyright violations and account restrictions should recipients fail to contest the claim using a link that redirects to a phony Facebook support page seeking their credentials.
The tool's latest features focus on proactive prevention of account compromise and enhanced threat response capabilities, as well as ways to make these capabilities available to a broader range of customers.
According to a report by Cisco Talos, the attackers use phishing emails disguised as financial transactions or order confirmations, often impersonating banks and logistics companies.
Hidden text salting has been used not only to evade spam filters' keyword detection capabilities, as shown in separate phishing attacks impersonating Wells Fargo and Norton LifeLock, but also to dupe the language detection module of Microsoft and circumvent security filters.
Oil and gas, electricity, and legal services organizations in the U.S. and Europe have been targeted with spam emails containing links that download MintsLoader either through a JavaScript file or Windows Run prompt as part of a campaign underway since earlier this month, a report from eSentire showed.
Both campaigns involved the distribution of malicious emails purporting to be invoices, purchase orders, or quotation requests with attachments that, when opened, trigger a PowerShell script that fetches the trojanized image and executes a .NET-based loader to launch the payloads.