Insurance and finance industry organizations have been targeted with the Remcos RAT payload as part of a new phishing attack involving the abuse of GitHub comments to insert links redirecting to legitimate open-source tax software repositories instead of unknown repositories, according to a Cofense report.
Malicious QR code messages have also been increasingly leveraged to compromise the sector, with Office 365 used to send over 15,000 such messages to education entities, a Microsoft Threat Intelligence report showed.
Aside from featuring over 40 million signals from the DNS Research Federation's data platform and the Global Anti-Scam Alliance's comprehensive stakeholder network, the Global Signal Exchange will also contain more than 100,000 bad merchant URLs and one million scam signals from Google.
While some threat actors established fraudulent disaster relief websites as part of phishing attacks aimed at exfiltrating financial details and Social Security numbers from individuals seeking aid, others impersonated Federal Emergency Management Agency assistance providers to create fake claims that enabled relief fund and personal data theft.
Malicious GitHub pages and YouTube videos containing links for purported cracked office software, automated trading bots, and game cheats have been leveraged to facilitate the download of self-extracting password-protected archives.
Threat actors leveraged social engineering techniques to lure targets into executing a malicious MSI installer-spoofing LNK file that would run an obfuscated script, which ensures persistence and downloads the VSCode command-line interface in the absence of VSCode to enable file access and additional compromise.
Malicious messages purporting to be interview requests, high-profile event invites, and U.S. campaign and election solicitations have been sent by attackers under the guise of known individuals to lure targets into opening a fraudulent email login page that would enable the exfiltration of their credentials.