Attacks commenced with emails that redirected to phishing pages hosted on the sway[.]cloud[.]microsoft domain, luring targets into scanning QR codes with their mobile devices, which typically sit outside the security controls applied to corporate endpoints and so facilitated further malicious activity.
Attacks commenced with the download of malicious ZIP files purporting to be pirated movies; each contains an LNK file that reaches out to a content delivery network hosting a memory-only JavaScript dropper, which in turn executes PEAKLIGHT, according to an analysis from Mandiant.
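As an added example (not Mandiant's code or any tooling from the analysis), the following Python scanner flags the first stage of that chain: members of a ZIP archive that are Windows Shell Link (.lnk) files. It goes slightly beyond the single case in the report by catching three variants: a plain .lnk, a media-looking double extension such as Movie.mp4.lnk, and LNK bytes disguised under a non-.lnk name. The Shell Link header constant is the real on-disk encoding; the sample archives, file names, and the set of media extensions are constructed assumptions, not indicators from the report.

```python
import io
import zipfile

# A Shell Link (.lnk) file begins with HeaderSize 0x4C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046, giving these 20 bytes.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "00000000" "c0000000" "00000046")

# Extensions a "pirated movie" lure is likely to imitate (assumption).
MEDIA_EXTS = {"mp4", "mkv", "avi", "mov", "wmv"}


def classify_entry(name: str, head: bytes) -> list[str]:
    """Return the reasons an archive member looks like an LNK lure, if any."""
    reasons = []
    if head.startswith(LNK_MAGIC):
        reasons.append("lnk-header")                   # content is a Shell Link, whatever the name
    base = name.rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    if parts[-1] == "lnk":
        reasons.append("lnk-extension")
        if len(parts) >= 3 and parts[-2] in MEDIA_EXTS:
            reasons.append("media-double-extension")   # e.g. Movie.mp4.lnk
    elif "lnk-header" in reasons:
        reasons.append("disguised-extension")          # LNK bytes under a non-.lnk name
    return reasons


def scan_zip(data: bytes) -> list[tuple[str, list[str]]]:
    """Scan an in-memory ZIP and report members that look like LNK lures."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(len(LNK_MAGIC))    # only the header is needed
            reasons = classify_entry(info.filename, head)
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_zip(members: dict[str, bytes]) -> bytes:
    """Constructed helper: pack a name -> bytes mapping into a ZIP archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples (not real malware): a fake LNK body carrying the genuine header.
FAKE_LNK = LNK_MAGIC + b"\x00" * 56            # pad to the 76-byte ShellLinkHeader size
LURE_ZIP = build_zip({
    "Movie.2024.1080p.mp4.lnk": FAKE_LNK,      # classic double-extension lure
    "Subtitles/readme.txt": FAKE_LNK,          # LNK bytes hiding under a .txt name
    "cover.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
})
CLEAN_ZIP = build_zip({"notes.txt": b"nothing to see here"})

if __name__ == "__main__":
    for name, reasons in scan_zip(LURE_ZIP):
        print(f"{name}: {', '.join(reasons)}")
```

The scanner reads only the first 20 bytes of each member, so it is cheap to run on mail-gateway or download-proxy traffic, but it stops at identification: in real triage the next step is to parse the link's target path and command-line arguments, since that is where the fetch of the CDN-hosted dropper would be visible.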
Attacks used WhatsApp accounts spoofing Microsoft, Google, Yahoo, and AOL IT support to target accounts belonging to individuals in the U.S., Iran, Israel, Palestine, and the UK, according to Meta researchers.
According to the ESET researchers who discovered the campaign, the malware, which they named NGate, mimicked legitimate banking apps; victims were convinced to install it by phishing messages claiming their devices had been compromised.
Attackers have used automated voice calls, social media ads, and SMS messages to lure targets into installing the PWAs, which resemble legitimate apps and gain covert access to the device's camera, microphone, geolocation, and other browser-exposed capabilities, a report from ESET showed.
Blind Eagle's intrusions commence with phishing emails spoofing government and financial organizations; their malicious attachments contain links that, after a geographical check on the visitor, redirect to a website hosting a ZIP archive that serves as the initial dropper, according to a Kaspersky report.
Iranian state-backed threat operation TA453 has sought to distribute the new AnvilEcho PowerShell trojan in a spear-phishing campaign against a prominent Jewish figure that commenced late last month.