Oyster Backdoor Spreading via Trojanized Popular Software Downloads


June 21, 2024 at 06:15AM

A malvertising campaign is using fake websites to distribute backdoor malware disguised as popular software like Google Chrome and Microsoft Teams. The malware, called Oyster, can gather information, communicate with a command-and-control address, and execute remote code. This coincides with the emergence of a new phishing platform called ONNX Store.

Main takeaways:
– A malvertising campaign is using fake download sites for popular software to infect visitors with the Oyster backdoor. The malware is associated with the ITG23 group and can execute remote code and gather information about compromised hosts.
– Rogue Raticate is behind an email phishing campaign that uses PDF decoys to deliver NetSupport RAT.
– A new phishing-as-a-service platform, ONNX Store, lets customers run phishing campaigns in which QR codes embedded in PDF attachments lead victims to credential-harvesting pages.
– ONNX Store includes a two-factor authentication bypass mechanism and uses Cloudflare’s anti-bot mechanisms to evade detection.

