- Cybercriminals weaponize copyright claims to push malware into everyday online spaces
- Telegram now doubles as the command center for evolving malware threats
- Fake law firms deliver malware through scams written in several languages
Cybercriminals have long relied on fear as a way to manipulate victims, and copyright claims are one of the latest tools of choice.
Research by Cofense Intelligence found attackers sending messages designed to look like legal requests to multiple users.
However, the real intent of these messages is to deliver malware under the guise of legal pressure.
A campaign built on deception
The report describes how a Vietnamese threat actor known as "Lone None" runs campaigns impersonating law firms, sending messages that claim the target's content or social media account infringes copyright.
What makes this wave of activity notable is the use of AI tools to generate convincing, region-specific templates.
Victims who follow the embedded links find that, instead of resolving the alleged copyright problem, they lead to a malware download.
The attack chain has several unusual features that distinguish it from more traditional phishing attempts.
Instead of relying on ordinary hosting methods, the operators embed payload information in Telegram bot profile pages.
From there, targets are directed to archive files hosted on free platforms such as Dropbox or MediaFire.
Inside these archives are legitimate applications, such as PDF readers, bundled with malicious files.
The payload is disguised to resemble normal Windows processes and uses obfuscated Python scripts to establish persistence and fetch additional components.
Alongside the familiar PureLogs Stealer, Cofense reports the presence of a new information stealer called Lone None Stealer, also known as PXA Stealer.
This tool is designed to target cryptocurrency theft, quietly replacing copied wallet addresses with ones controlled by the attackers.
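As an added illustration of the clipper behaviour just described (example code written for this page, not from the Cofense report or the malware itself), the following Python checks a stream of clipboard-change events for a wallet address that is overwritten by a different address of the same type within a few seconds. The ClipboardEvent fields, the owner process name and the sample events are constructed assumptions, and the address patterns are deliberately loose.

```python
import re
from dataclasses import dataclass

# Loose patterns for two common address formats (constructed for this example).
WALLET_PATTERNS = {
    "btc": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{39,59})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def wallet_type(text):
    """Return 'btc' or 'eth' if the text looks like a wallet address, else None."""
    for name, pat in WALLET_PATTERNS.items():
        if pat.match(text.strip()):
            return name
    return None

@dataclass
class ClipboardEvent:
    ts: float     # seconds since the monitor started
    content: str  # clipboard text after the change
    owner: str    # process that set the clipboard (hypothetical field recorded by the monitor)

def detect_clipper(events, window=3.0):
    """Flag a copied wallet address that is replaced, within `window` seconds, by a
    different address of the same type: the swap behaviour attributed to the stealer."""
    alerts, prev = [], None
    for ev in events:
        kind = wallet_type(ev.content)
        if prev is not None and kind is not None and wallet_type(prev.content) == kind:
            if prev.content.strip() != ev.content.strip() and ev.ts - prev.ts <= window:
                alerts.append({"original": prev.content, "replacement": ev.content,
                               "owner": ev.owner, "ts": ev.ts})
        prev = ev
    return alerts

# Constructed sample: the user copies an ETH address from the browser, and 0.4 s later a
# process using a Windows-looking name overwrites it with an attacker-controlled address.
ETH_USER = "0x" + "a1" * 20
ETH_SWAPPED = "0x" + "b2" * 20
BTC_LATER = "1" + "AbC" * 11

def sample_events():
    return [
        ClipboardEvent(0.0, "invoice #4412 due friday", "explorer.exe"),
        ClipboardEvent(5.0, ETH_USER, "chrome.exe"),
        ClipboardEvent(5.4, ETH_SWAPPED, "svchost.exe"),  # impostor process name
        ClipboardEvent(60.0, BTC_LATER, "chrome.exe"),    # unrelated later copy, not flagged
    ]
```

Calling detect_clipper(sample_events()) returns a single alert for the ETH swap; a user who legitimately copies two different addresses of the same type within the window would also trigger it, so the owner field is what separates noise from a real swap.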
Communication with the operators is handled via Telegram, keeping the infrastructure flexible and harder to disrupt.
Although the current campaigns focus on information theft, the same methods could just as easily deliver ransomware in future iterations.
While technical indicators, such as unusual Python installations on a host, can aid detection, training and vigilance remain the most effective shield.
Combining advanced email security tools with endpoint protection offers the strongest defense, since filtering alone cannot fully stop these copyright-themed coercion campaigns.