Russia-linked hacking group Gamaredon has been targeting employees of Ukrainian defense, government, and law enforcement agencies in a new, ongoing cyberespionage campaign leveraging information-stealing malware, reports The Hacker News.
The phishing campaign involves the delivery of malicious Microsoft Word documents that use the ongoing Russia-Ukraine war as a lure, according to a report from Cisco Talos. Opening the documents prompts the execution of template-embedded macros, which then facilitate the retrieval of RAR files with LNK files, researchers said.
The report also showed that intelligence briefings pertaining to the invasion of Ukraine have been used in the LNK files, which may lure victims into opening the shortcuts. Opening a shortcut prompts PowerShell beacon execution and finally results in the deployment of the information-stealing malware.
"The infostealer is a dual-purpose malware that includes capabilities for exfiltrating specific file types and deploying additional binary and script-based payloads on an infected endpoint," said researchers.
BleepingComputer reports that an expanded Xenomorph malware campaign, leveraging an updated version of the Android banking trojan, is mostly targeting users of several U.S. financial institutions and numerous cryptocurrency apps, and has also set its sights on users in Canada, Italy, Spain, Belgium, and Portugal.