Ukrainian military entities are being targeted by a spear-phishing campaign spreading the RomCom remote access trojan since Oct. 21, The Hacker News reports.
While the unknown threat actor behind RomCom RAT previously impersonated the Advanced IP Scanner app, the latest campaign involved spoofing the pdfFiller app to spread the trojan malware, according to a BlackBerry report.
Phishing emails sent to the Ukrainian military contained an embedded link that redirects to a spoofed site serving the next-stage downloader. That downloader was found to carry the same code signer as the legitimate pdfFiller application. IT firms, food manufacturers, and food brokers based in the U.S., Brazil, and the Philippines were also targeted by the campaign.
"This campaign is a good example of the blurred line between cybercrime-motivated threat actors and targeted attack threat actors. In the past, both groups acted independently, relying on different tooling. Today, targeted attack threat actors rely more on traditional tooling, making attribution harder," said BlackBerry researcher Dmitry Bestuzhev.
Novel DuckLogs malware-as-a-service detailed

More than 6,000 victims have been compromised by the new DuckLogs malware-as-a-service operation, whose platform is being leveraged by over 2,000 cybercriminals, according to BleepingComputer.
BleepingComputer reports that Redis servers left unpatched against CVE-2022-0543 are being compromised with the novel Go-based Redigo malware, which is not yet detected by any VirusTotal antivirus engine.