
Attacks with Latrodectus malware on the rise


More threat actors have been leveraging the Latrodectus malware, also known as BlackWidow, which could facilitate the exfiltration of personally identifiable information, sensitive data compromise, and financial fraud, according to SecurityWeek.

Organizations in the financial, healthcare, and automotive industries have been primarily subjected to such attacks, which commence with the delivery of malicious emails with HTML or PDF attachments that launch a DLL resulting in the installation of Latrodectus, a report from Forcepoint revealed. While intrusions involving the PDF attachment deployed the DLL through an MSI installer downloaded by an obfuscated JavaScript file, attacks leveraging the HTML attachment launched the DLL through PowerShell, researchers reported. "Threat actors continue to use older emails to target users via suspicious PDF or HTML attachments. They use a redirection method with URL shorteners and host malicious payloads on well-known storage[.]googleapis[.]com hosting projects," said Forcepoint researchers.
