A financially motivated operation, codenamed REF1695, has been observed using fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023.
The installers trick victims into downloading and installing the malware themselves, which gives the attackers remote access to the infected systems.
Beyond cryptomining, the threat actor is also monetizing infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software registration.
This operation highlights the evolving nature of cyber threats, where attackers are constantly looking for new ways to exploit vulnerabilities and deceive victims.
The use of fake ISO files as a lure is a new tactic, and it is essential for users to be cautious when downloading software and files from the internet.
