Researchers have uncovered a large-scale, financially motivated operation, codenamed REF1695, that has been spreading remote access trojans (RATs) and cryptocurrency miners through fake installers since November 2023.
The threat actors behind REF1695 lure victims into downloading malicious software, which ultimately leads to the deployment of RATs and crypto miners on compromised systems.
Beyond the financial gains from cryptomining, the threat actors are also engaging in Cost Per Action (CPA) fraud, where they direct victims to content locker pages disguised as software registration pages, further monetizing the infections.
The operation highlights the evolving nature of cyber threats, where attackers are constantly adapting and finding new ways to exploit vulnerabilities and deceive victims.
As the cybersecurity landscape continues to shift, it’s essential for individuals and organizations to remain vigilant and take proactive measures to protect themselves from such threats.
