Malware

Investigation into the incident is already underway, according to Van Wagner, which has already offered a year's worth of complimentary theft protection services to impacted persons while emphasizing the implementation of additional security measures across its IT infrastructure to avoid future intrusions.

Attacks commence with the delivery of phishing emails purporting to be a "OneAmerica survey" with a ZIP archive containing a Windows shortcut file and a primary executable resulting in the deployment of a custom Tiny Core QEMU Linux virtual machine dubbed 'PivotBox' that contains the backdoor.

Other Linux-based network devices may have also been targeted by Pygmy Goat, as indicated by its utilization of a fake Fortinet certificate, a pair of remote shells, and several communication wake-up techniques.

The threat of a copyright infringement claim has become the latest way for malware operators to trick their targets.

After exploiting the Safari remote code execution flaw, tracked as CVE-2020-9802, for initial access, the updated LightSpy payload triggers an exploit chain with jailbreak and loader stages prior to malware core delivery on devices running on iOS versions up to 13.3.

Attackers leveraged pernicious ads to lure targets into downloading ZIP packages with the malicious Electron app in the guise of legitimate software, which downloads the SYS01 infostealer that primarily compromises Facebook credentials while displaying the advertised software to conceal compromise.

Malicious sites have been leveraged to redirect to a CAPTCHA, with clicking the "I'm not a robot" button followed by the copying and execution of malicious code prompting the distribution of the Lumma infostealer.

Threat actors are using an Android malware payload to pull off an elaborate social-engineering scam.