Phishing

Malicious emails with phishing links have been leveraged to launch either remote access trojan but while DCRat has been deployed through a remote HTML file, PowerRAT has been spread through a malicious Microsoft Word file that executes a rogue Visual Basic macro.

Spear-phishing emails may have been leveraged by APT41 to infiltrate targeted network infrastructure, which would then be deployed with a DCSync attack that enables password hash exfiltration.

Threat actors behind the latest intrusions delivered phishing emails with a malicious ZIP archive, which when executed prompts the download of a malicious NVIDIA driver update or Midjourney installer-spoofing .MSI file, according to a Netskope analysis.

Malicious emails alerting of state-sponsored intrusions have been sent to lure organizations' cybersecurity teams into downloading the fraudulent "ESET Unleashed program," which features several ESET DLLs and would enable file and data deletion upon execution.

Attacks involved the display of fraudulent Google Meet popup alerts, which would download the StealC or Rhadamanthys infostealers for Windows users and the AMOS Stealer payload for macOS users, according to a Sekoia analysis.

Malicious spear-phishing messages have been leveraged by RomCom to distribute the MeltingClaw or RustyClaw downloaders for the ShadyHammock and DustyHammock backdoors, respectively, with the latter facilitating the delivery of the SingleCamper trojan.

Attacks by SideWinder begin with the delivery of spear-phishing emails with a malicious LNK file-containing ZIP file or Office document, which triggers a multi-stage infection chain involving JavaScript malware and the Backdoor loader module that ultimately results in the deployment of the sophisticated .NET-based StealerBot payload.

Attacks involved the delivery of malicious emails spoofing Receita Federal, which is Brazil's federal revenue service agency.