A recently discovered cyber operation, codenamed REF1695, has been active since November 2023, using fake installers to spread remote access trojans (RATs) and cryptocurrency miners.
The threat actors behind REF1695 are financially motivated and have been leveraging these fake installers to compromise systems and deploy their malicious payloads.
Beyond the financial gains from cryptomining, the attackers also engage in Cost Per Action (CPA) fraud, where they direct victims to content locker pages disguised as software registration prompts.
This sophisticated operation highlights the evolving nature of cyber threats, where attackers continually adapt and combine different tactics to maximize their profits.
The use of fake installers as a delivery mechanism for malware is a common technique but remains highly effective, underscoring the need for vigilance and robust security measures to protect against such threats.
Source: Original Article
