A recent discovery by cybersecurity researchers has shed light on a financially motivated operation, codenamed REF1695, which has been active since November 2023. This operation involves the use of fake installers to deploy remote access trojans (RATs) and cryptocurrency miners on unsuspecting victims’ devices.
The threat actors behind REF1695 use ISO image lures to get users to mount the image and run the fake installer it contains, which in turn deploys the malicious payloads. Once a device is infected, the attackers have remote access to it and can steal sensitive information, install additional malware, and carry out other malicious activity.
Beyond the obvious goal of cryptomining, the attackers are also monetizing their efforts through Cost Per Action (CPA) fraud. This involves directing victims to content locker pages under the guise of software registration, where they are tricked into completing surveys or other actions that generate revenue for the attackers.
Fake installers and ISO lures are a common delivery tactic for malware, so users should download software only from the vendor's own site or a trusted repository and should be suspicious of an installer that arrives packaged as an ISO image: legitimate desktop software is rarely shipped that way, and files launched from a mounted image have historically not carried the Mark-of-the-Web that triggers SmartScreen warnings. Before running any installer, verify its integrity by comparing its SHA-256 hash with the value the vendor publishes and by checking that its code signature is valid and issued to the expected publisher.
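The integrity check described above, as an added example that is not part of the original article or of the researchers' tooling: it hashes a downloaded file, compares the digest in constant time against a vendor-published SHA-256, and additionally flags the file if it is actually an ISO 9660 image (the "CD001" signature in the primary volume descriptor at byte offset 0x8001), since an installer delivered as a disc image is exactly the lure this campaign relies on. The function and file names are assumptions for the example; the expected hash would come from the vendor's download page.

```python
import hashlib
import hmac

# ISO 9660 places the primary volume descriptor at sector 16 (offset 0x8000);
# byte 0 of that sector is the descriptor type and bytes 1..5 are "CD001".
ISO_MAGIC_OFFSET = 0x8001
ISO_MAGIC = b"CD001"


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large installers don't need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def looks_like_iso(path):
    """True if the file carries the ISO 9660 volume descriptor signature."""
    with open(path, "rb") as f:
        f.seek(ISO_MAGIC_OFFSET)
        return f.read(len(ISO_MAGIC)) == ISO_MAGIC


def verify_installer(path, expected_sha256):
    """Return (verdict, actual_sha256).

    verdict is one of:
      "hash-mismatch" - digest does not match the vendor-published value
      "iso-image"     - digest matches but the file is a disc image, not an installer
      "ok"            - digest matches and the file is not an ISO image
    """
    actual = sha256_file(path)
    # compare_digest avoids leaking which prefix of the hash matched via timing
    if not hmac.compare_digest(actual, expected_sha256.strip().lower()):
        return "hash-mismatch", actual
    if looks_like_iso(path):
        return "iso-image", actual
    return "ok", actual


if __name__ == "__main__":
    import sys
    # usage: python verify_installer.py <file> <expected-sha256>
    verdict, digest = verify_installer(sys.argv[1], sys.argv[2])
    print(f"{verdict}: {digest}")
    sys.exit(0 if verdict == "ok" else 1)
```

A hash match only proves the file is the one the vendor published; if the download page itself is a look-alike, the attacker publishes the hash of their own installer, so the check complements, rather than replaces, obtaining software from a source you already trust.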
The discovery of REF1695 is a reminder that financially motivated operators keep combining well-worn delivery tricks (fake installers inside ISO images) with several revenue streams at once (RAT access, cryptomining, and CPA fraud). Users and organizations that recognize these tactics, restrict where software may be installed from, and watch for ISO mounts followed by unexpected installer activity are in a far better position to avoid becoming victims of this and similar campaigns.
Source: Original Article
