A financially motivated operation, codenamed REF1695, has been observed using fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023.
The threat actor behind this operation monetizes infections through several means, including cryptomining and CPA (Cost Per Action) fraud.
By directing victims to content locker pages under the guise of software registration, the attackers generate revenue from these infections.
This operation highlights the evolving nature of cyber threats, as attackers continue to find new ways to exploit vulnerabilities and deceive victims.
The use of fake installers and RATs in this operation demonstrates the importance of being cautious when downloading software from the internet.
