Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
Summary
A financially motivated cyber operation named REF1695 has been using fake installers to distribute Remote Access Trojans (RATs) and cryptocurrency miners since November 2023. The threat actor also engages in Cost Per Action (CPA) fraud by redirecting victims to content locker pages.
IFF Assessment
FOE
This operation is malicious activity aimed at compromising systems for financial gain, and it poses a direct threat to defenders.
Defender Context
Defenders should be aware of operations that use social engineering tactics, such as fake installers, to distribute malware. Users are exposed to these attacks through deceptive websites and downloads, which underlines the need for robust endpoint security and user education on identifying suspicious software.