16/09/2023
An ongoing campaign is targeting Business accounts with bogus messages to harvest victims' credentials using a variant of the -based and potentially take over their accounts for follow-on malicious activities.
"The attacks are reaching victims mainly in Southern and North across different segments, led by the services and sectors," Netskope Threat Labs researcher said in an analysis published Thursday.
First documented by in May 2023, originated as a malware capable of pilfering cookies and passwords from web browsers to compromise , , and accounts.
Last month, Palo Alto Networks Unit 42 revealed a separate attack wave that took place in December 2022 using a version of the malware, with select iterations also designed to conduct theft.
The latest findings from Netskope suggest the threat actors behind the operation have likely resumed their attack efforts, not to mention adopting tactics used by other adversaries operating out of the country with the same objectives.
Just earlier this week, Guardio Labs disclosed how fraudulent messages sent via Facebook Messenger from a botnet of fake and personal accounts are being leveraged to deliver ZIP or RAR archive files carrying the stealer malware to unsuspecting recipients.
The same modus operandi acts as the initial vector for the intrusion chains to distribute RAR files hosted on Facebook's content delivery network (CDN).