Malicious emails delivered by attackers — who sometimes spoofed Microsoft employees or leveraged Microsoft- and Amazon Web Services-related social engineering lures — included Remote Desktop Protocol configuration files as attachments, which when executed established a connection between the targeted devices and the attacker-controlled server.
Threat actors leveraged Webflow to establish dedicated phishing pages and stealthier custom subdomains mimicking legitimate cryptocurrency wallet sites, luring targets into entering their credentials, a report from Netskope Threat Labs revealed. The stolen credentials are later exfiltrated and used to enable seed phrase compromise, crypto wallet takeovers, and crypto asset theft.
Identification of a Manscrypt backdoor malware compromise in May prompted the discovery of early exploitation of the Chrome vulnerability through the "detankzone[.]com" website for the fake NFT-based multiplayer online battle arena game DeTankZone, which contains source code stolen from the DeFiTankLand game.
Attacks by Funnull exploited Polyfill.io access to facilitate malware compromise and redirection to websites impersonating casino conglomerate Sands and the Bwin and Bet365 gambling portals.
Malicious emails with phishing links have been leveraged to deliver either remote access trojan, but while DCRat has been deployed through a remote HTML file, PowerRAT has been spread through a malicious Microsoft Word file that executes a rogue Visual Basic macro.
Spear-phishing emails may have been leveraged by APT41 to infiltrate targeted network infrastructure, which would then be subjected to a DCSync attack that enables password hash exfiltration.