Fake TTF files deliver stealthy malware in global phishing campaign
Summary
Threat actors are employing a global phishing campaign that abuses standard TrueType Font (TTF) files to deliver stealthy malware. This campaign uses heavily obfuscated JavaScript and a Lua-based loader disguised as a font file to evade detection and install malware like RATs and infostealers.
IFF Assessment
FOE
This article details a new malware delivery technique that evades security measures, posing a direct threat to defenders.
Defender Context
Defenders should be aware of this tactic of disguising malware within seemingly innocuous file types like TTF files. This highlights the importance of user education on phishing attacks and robust endpoint detection and response (EDR) solutions capable of identifying suspicious file behavior and obfuscated scripts.