DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
Briefly

"The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard) aimed at Ukrainian defense forces with a malware family known as PLUGGYAPE. The attack activity employs various judicial- and charity-themed lures to deploy a JavaScript-based backdoor that runs through the Edge browser."
"To establish persistence, the LNK files are copied to the Windows Startup folder so that they are automatically launched following a system reboot. The attack chain then displays a URL containing lures related to installing Starlink or a Ukrainian charity named Come Back Alive Foundation. The HTML file is eventually executed via the Microsoft Edge browser in headless mode."
"The browser is executed with additional parameters like -no-sandbox, -disable-web-security, -allow-file-access-from-files, -use-fake-ui-for-media-stream, -auto-select-screen-capture-source=true, and -disable-user-media-security, granting it access to the local file system, as well as camera, microphone, and screen capture without requiring any user interaction."
A campaign targeting Ukrainian entities, observed in February 2026, has been assessed to overlap with earlier activity by the Russia-linked group Laundry Bear (UAC-0190/Void Blizzard), which previously targeted Ukrainian defense forces with the PLUGGYAPE malware. The campaign uses judicial- and charity-themed lures to deploy DRILLAPP, a JavaScript-based backdoor that runs inside the Microsoft Edge browser and supports file upload and download, microphone access, and webcam image capture. Two versions of the campaign were identified; the first uses Windows shortcut (LNK) files to create HTML applications that load obfuscated scripts from Pastefy. Persistence comes from copying the LNK files to the Windows Startup folder so they run again after a reboot. The HTML lure (a Starlink installation page or the Come Back Alive Foundation charity) is then opened in Edge in headless mode with switches such as --no-sandbox, --disable-web-security, --allow-file-access-from-files, --use-fake-ui-for-media-stream, --auto-select-screen-capture-source=true and --disable-user-media-security. Together these remove the renderer sandbox and the same-origin policy and suppress the permission prompts and source picker for camera, microphone and screen capture, so the lure page can read local files and record the user with no interaction at all.
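As an added example for this page (not code from the report, from Microsoft or from the threat actor), the following Python flags a Chromium-based browser launched headless with the switches quoted above. It scans constructed, Sysmon-style process-creation records embedded in the block; the field names, install path, lure filename and severity tiers are this example's own assumptions, not values from the report.

```python
"""Detection logic for the Edge launch described above: flag a Chromium-based
browser started headless with switches that remove its sandbox, same-origin
policy, or media-permission prompts.

Added example for this page, not code from the report, Microsoft, or the
threat actor. The log lines are constructed to resemble Sysmon Event ID 1
(process creation) records; their paths and values are assumptions.
"""
import json
import re

# Chromium accepts "--", "-" and "/" as switch prefixes on Windows, so the
# "-no-sandbox" spelling quoted in the report is equivalent to "--no-sandbox".
_SWITCH_RE = re.compile(r"^(?:--|-|/)([A-Za-z0-9][A-Za-z0-9-]*)(?:=(.*))?$")

# Switches named in the report, with the security boundary each one removes.
SENSITIVE_SWITCHES = {
    "no-sandbox": "renderer sandbox",
    "disable-web-security": "same-origin policy",
    "allow-file-access-from-files": "file:// origin isolation",
    "use-fake-ui-for-media-stream": "camera/microphone permission prompt",
    "auto-select-screen-capture-source": "screen-capture source picker",
    "disable-user-media-security": "getUserMedia security checks",
}

CHROMIUM_IMAGES = {"msedge.exe", "chrome.exe", "chromium.exe"}


def split_windows_cmdline(cmdline):
    """Split a Windows command line on whitespace, keeping quoted paths intact."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def parse_chromium_switches(cmdline):
    """Return (image basename, {switch: value-or-None}, positional arguments)."""
    tokens = split_windows_cmdline(cmdline)
    if not tokens:
        return "", {}, []
    image = tokens[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    switches, positional = {}, []
    for tok in tokens[1:]:
        m = _SWITCH_RE.match(tok)
        if m:
            switches[m.group(1).lower()] = m.group(2)
        else:
            positional.append(tok)
    return image, switches, positional


def loads_local_file(positional):
    """True if any positional argument is a local path, UNC path or file:// URL."""
    for arg in positional:
        a = arg.lower()
        if a.startswith("file://") or a.startswith("\\\\") or re.match(r"^[a-z]:\\", a):
            return True
    return False


def assess_process(event):
    """Score one process-creation event; None when the image is not Chromium-based."""
    image, switches, positional = parse_chromium_switches(event.get("CommandLine", ""))
    if image not in CHROMIUM_IMAGES:
        return None
    hits = sorted(s for s in switches if s in SENSITIVE_SWITCHES)
    headless = "headless" in switches
    local = loads_local_file(positional)
    # Severity tiers are this example's own choice: headless plus any bypass
    # switch is the combination the report describes, and a local HTML target
    # on top of that matches the full chain (LNK -> HTML lure -> headless Edge).
    if headless and hits:
        severity = "high" if local else "medium"
    elif hits:
        severity = "low"
    else:
        severity = "info"
    return {
        "image": image,
        "headless": headless,
        "local_target": local,
        "disabled": [SENSITIVE_SWITCHES[s] for s in hits],
        "severity": severity,
    }


def scan_log(lines):
    """Parse JSON log lines and return one finding per Chromium-based launch."""
    findings = []
    for line in lines:
        finding = assess_process(json.loads(line))
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample records (not real telemetry): normal browsing, benign
# headless automation, an unrelated process, and the pattern from the report.
_EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
SAMPLE_EVENTS = [
    json.dumps({"EventID": 1, "Image": _EDGE,
                "CommandLine": f'"{_EDGE}" --profile-directory=Default https://example.com/'}),
    json.dumps({"EventID": 1, "Image": _EDGE,
                "CommandLine": f'"{_EDGE}" --headless=new --dump-dom https://example.com/'}),
    json.dumps({"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
                "CommandLine": r"notepad.exe C:\Users\Public\notes.txt"}),
    json.dumps({"EventID": 1, "Image": _EDGE,
                "CommandLine": f'"{_EDGE}" -headless -no-sandbox -disable-web-security '
                               "-allow-file-access-from-files -use-fake-ui-for-media-stream "
                               "-auto-select-screen-capture-source=true -disable-user-media-security "
                               r'"C:\Users\Public\Documents\lure.html"'}),  # lure filename is assumed
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_EVENTS):
        print(f["severity"].upper(), f["image"], ", ".join(f["disabled"]) or "-")
```

Feed it real Sysmon Event ID 1 or EDR process telemetry as one JSON record per line. A headless launch with a local HTML target and any of the listed switches is the pattern the report describes and scores high, while a plain headless launch with --dump-dom is ordinary automation and stays at informational severity. Because Chromium also accepts single-dash and slash prefixes on Windows, the parser normalizes the prefix rather than matching the literal string --no-sandbox, which is why the single-dash spelling quoted in the report still triggers.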
Read at The Hacker News