The attacks begin with phishing emails posing as a "OneAmerica survey" and carrying a ZIP archive that holds a Windows shortcut file and the primary executable; running it deploys a custom Tiny Core Linux QEMU virtual machine, dubbed 'PivotBox', that contains the backdoor.
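A defender triaging attachments would want to flag the pairing the digest describes: a ZIP that holds a Windows shortcut (.lnk) together with a PE executable, whether or not the executable carries an .exe extension. The following Python script is an added example, not code from the digest or from any vendor named on the page; the archive contents and file names are constructed in memory for the demonstration, and the extension lists are an assumption (a reasonable triage set, not an exhaustive one).

```python
"""Heuristic triage of a ZIP attachment for the shortcut-plus-executable
pairing described in the digest (added example; sample archives are
constructed inline and do not correspond to any real campaign file)."""
import io
import zipfile

# Assumption: a small triage list of extensions, not an exhaustive one.
SHORTCUT_EXTS = {".lnk"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

# Windows shortcut files start with HeaderSize = 0x4C as a little-endian DWORD;
# PE executables start with the "MZ" DOS header magic.
LNK_MAGIC = b"\x4c\x00\x00\x00"
MZ_MAGIC = b"MZ"


def _ext(name: str) -> str:
    """Lower-cased extension of an archive member name ('' if none)."""
    base = name.rsplit("/", 1)[-1]
    dot = base.rfind(".")
    return base[dot:].lower() if dot != -1 else ""


def triage_zip(data: bytes) -> dict:
    """Inspect a ZIP (given as bytes) and report members that look like
    shortcuts or executables, by extension and by leading magic bytes."""
    findings = {
        "shortcuts": [],           # .lnk by extension or LNK header magic
        "executables": [],         # executable by extension
        "mz_without_exe_ext": [],  # PE magic hiding behind a harmless extension
        "suspicious": False,
    }
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = _ext(info.filename)
            with zf.open(info) as fh:
                head = fh.read(4)   # only the first bytes are needed for the magic check
            if ext in SHORTCUT_EXTS or head == LNK_MAGIC:
                findings["shortcuts"].append(info.filename)
            if ext in EXECUTABLE_EXTS:
                findings["executables"].append(info.filename)
            elif head[:2] == MZ_MAGIC:
                findings["mz_without_exe_ext"].append(info.filename)
    # The lure pattern from the digest: a shortcut that launches a bundled executable.
    findings["suspicious"] = bool(findings["shortcuts"]) and bool(
        findings["executables"] or findings["mz_without_exe_ext"]
    )
    return findings


def build_sample_zip(entries) -> bytes:
    """Build an in-memory ZIP from (name, bytes) pairs (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries:
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a lure-shaped archive and a benign one.
SAMPLE_LURE = build_sample_zip([
    ("survey/Survey.lnk", LNK_MAGIC + b"\x00" * 16),   # shortcut header only
    ("survey/data/svc.dat", MZ_MAGIC + b"\x00" * 62),  # PE magic under a .dat name
])
SAMPLE_BENIGN = build_sample_zip([
    ("report/summary.pdf", b"%PDF-1.4 placeholder"),
    ("report/notes.txt", b"quarterly numbers"),
])

if __name__ == "__main__":
    for label, blob in (("lure-shaped", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(label, triage_zip(blob))
```

The magic-byte check matters because the executable in such bundles is often renamed to a non-executable extension and launched by the shortcut's target path; an extension-only rule would miss it. The heuristic is a triage signal, not a verdict, and does not cover a virtual machine image carried alongside the loader.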
Recall III: the Re-Re-Recalling, Russia, Win 10, Phish n Ships, Midnight Blizzard, Emerald Whale, Rob Allen, and More, on this edition of the Security Weekly News. Segment Resources: https://www.bleepingcomputer.com/news/security/unitedhealth-says-data-of-100-million-stolen-in-change-healthcare-breach/. This segment is sponsored by ThreatLocker. Vi...
The attacks used Rich Communication Services (RCS) messages claiming bogus payments, with links redirecting to websites spoofing government agencies, postal services, and banks, including the U.S. Postal Service, Linkt, and Lloyds.
Attackers used malicious ads to lure targets into downloading ZIP packages containing a malicious Electron app disguised as legitimate software; the app downloads the SYS01 infostealer, which primarily harvests Facebook credentials, while displaying the advertised software to conceal the compromise.
Malicious sites redirect visitors to a CAPTCHA page; clicking the "I'm not a robot" button leads the victim to copy and execute malicious code, which delivers the Lumma infostealer.