A financially motivated operation, codenamed REF1695, has been uncovered that leverages fake installers to deploy remote access trojans (RATs) and cryptocurrency miners, and has been active since November 2023.
The threat actors behind this operation are using fake installers, disguised as legitimate software, to trick victims into downloading and installing malware on their devices.
Once the malware is installed, the threat actors can remotely access the victim’s device, allowing them to spread additional malware, including cryptocurrency miners.
Beyond cryptomining, the threat actors are also monetizing infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software registration.
The operation, active for more than a year, highlights the evolving nature of cyber threats and the importance of caution when downloading software from the internet.
According to Elastic, the REF1695 operation is a significant threat to individuals and organizations, and it is essential to take measures to prevent such attacks, including being vigilant when downloading software and keeping security software up to date.
Source: Original Article
