Fake TTF files deliver stealthy malware in global phishing campaign

Summary

Threat actors are employing a global phishing campaign that abuses standard TrueType Font (TTF) files to deliver stealthy malware. This campaign uses heavily obfuscated JavaScript and a Lua-based loader disguised as a font file to evade detection and install malware like RATs and infostealers.

IFF Assessment

FOE

This article details a new malware delivery technique that evades security measures, posing a direct threat to defenders.

Defender Context

Defenders should be aware of this tactic of disguising malware within seemingly innocuous file types like TTF files. This highlights the importance of user education on phishing attacks and robust endpoint detection and response (EDR) solutions capable of identifying suspicious file behavior and obfuscated scripts.

Read Full Story →