Cybersecurity researchers have uncovered a large-scale, financially motivated operation, codenamed REF1695, which has been active since November 2023. The operation uses fake installers to spread remote access trojans (RATs) and cryptocurrency miners.
The attackers are using these fake installers, disguised as legitimate software, to gain unauthorized access to victims' systems and deploy malware. This allows them not only to mine cryptocurrency but also to engage in other malicious activities.
Beyond the financial gains from cryptomining, the threat actors are also monetizing the infections through Cost Per Action (CPA) fraud. This involves directing victims to content locker pages under the guise of software registration, further exploiting the victims for financial gain.
The use of fake ISO files as lures in this operation highlights the evolving tactics of cybercriminals. As cybersecurity continues to advance, attackers are finding new ways to trick victims into downloading and installing malware.
This operation, REF1695, serves as a reminder of the importance of vigilance when downloading software from the internet. Users must ensure that they are downloading from trusted sources and be cautious of any files or links that seem suspicious.
By staying informed about the latest threats and taking necessary precautions, individuals and organizations can protect themselves from falling victim to such operations and minimize the risk of malware infections.
