Phishing

Malicious sites have been leveraged to redirect to a CAPTCHA, with clicking the "I'm not a robot" button followed by the copying and execution of malicious code prompting the distribution of the Lumma infostealer.

The Russian nation-state actor continues its espionage activities, using RDP to access sensitive information or drop malicious code.

Malicious emails delivered by attackers — who sometimes spoofed Microsoft employees or leveraged Microsoft- and Amazon Web Services-related social engineering lures — included Remote Desktop Protocol configuration files as attachments, which when executed established a connection between the targeted devices and the attacker-controlled server.

Threat actors leveraged Webflow to establish dedicated phishing pages and stealthier custom subdomains mimicking legitimate cryptocurrency wallet sites in an effort to lure targets into inputting their credentials, which are later exfiltrated and used to enable seedphrase compromise, crypto wallet takeovers, and crypto asset theft, a report from Netskope Threat Labs revealed.

Amazon broke up a phishing operation that impersonated thousands of Amazon Web Service (AWS) domains.

Identification of a Manscrypt backdoor malware compromise in May prompted the discovery of early exploitation of the Chrome vulnerability through the "detankzone[.]com" website for the fake NFT-based multiplayer online battle arena game DeTankZone, which contains source code stolen from the DeFiTankLand game.

Attacks by Funnull exploited Polyfill.io access to facilitate malware compromise and redirection to the websites, which impersonate casino conglomerate Sands and the Bwin and Bet365 gambling portals.