Crime crew impersonates help desk, abuses Teams chats

"The credential-harvest script also uses a sneaky 'double-entry' psychological trick that auto-rejects the first and second password attempts as incorrect. This serves two functions: it reinforces the user's belief that the system is legitimate and performs real-time validation, and it ensures that the attacker captures the password twice, significantly reducing the risk of a typo in the stolen data."
"By the time the user receives a 'Configuration completed successfully' message, the attacker has secured the credentials and potentially established a persistent foothold on the endpoint using these staged files."
A previously unknown threat group employs social engineering tactics, including Microsoft Teams chat invitations and impersonation of helpdesk staff, alongside custom malware for data theft. In late December 2025, a large email campaign targeted organizations with overwhelming email traffic. Fake helpdesk personnel prompted users to click a link for a supposed local patch, leading to a phishing page that harvested credentials. The attack utilized a double-entry trick to reinforce legitimacy and capture passwords accurately, while also downloading malicious files to establish a foothold on the victim's machine.
Read at The Register