Threat actors behind the latest intrusions delivered phishing emails carrying a malicious ZIP archive which, when executed, prompts the download of a malicious .MSI file spoofing an NVIDIA driver update or a Midjourney installer, according to a Netskope analysis.
Malicious emails warning of state-sponsored intrusions have been sent to lure organizations' cybersecurity teams into downloading the fraudulent "ESET Unleashed program," which bundles several ESET DLLs and would enable file and data deletion upon execution.
Attacks involved the display of fraudulent Google Meet popup alerts, which would download the StealC or Rhadamanthys infostealers for Windows users and the AMOS Stealer payload for macOS users, according to a Sekoia analysis.
Malicious spear-phishing messages have been leveraged by RomCom to distribute the MeltingClaw or RustyClaw downloaders for the ShadyHammock and DustyHammock backdoors, respectively, with the latter facilitating the delivery of the SingleCamper trojan.
Attacks by SideWinder begin with the delivery of spear-phishing emails carrying either a ZIP file containing a malicious LNK file or an Office document, which triggers a multi-stage infection chain involving JavaScript malware and the Backdoor loader module that ultimately results in the deployment of the sophisticated .NET-based StealerBot payload.
Insurance and finance industry organizations have been targeted with the Remcos RAT payload as part of a new phishing attack that abuses GitHub comments to insert malicious links on legitimate open-source tax software repositories rather than on unknown repositories, according to a Cofense report.
Malicious QR code messages have also been increasingly leveraged to compromise the sector, with Office 365 used to send more than 15,000 such messages to education entities, a Microsoft Threat Intelligence report showed.