A financially motivated operation, codenamed REF1695, has been observed using fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023.

The threat actor behind REF1695 is leveraging these tactics to monetize infections, with a focus on cryptomining and CPA (Cost Per Action) fraud.

The attackers direct victims to content locker pages under the guise of software registration, which generates revenue for them fraudulently.

This operation highlights the evolving nature of cyber threats, as attackers continue to adapt and refine their tactics to maximize profits.

The use of fake installers and RATs in this operation poses a significant risk to individuals and organizations, emphasizing the need for robust cybersecurity measures to prevent such attacks.
