"In both campaigns, attackers hid malicious code in images they uploaded to archive[.]org, and used the same .NET loader to install their final payloads," HP Wolf Security reported.
"The attack starts with a phishing email masquerading as invoices and purchase orders that forces targets to exploit a known security flaw using malicious attachments."
"The .NET executable serves as a loader to download VIP Keylogger, allowing threat actors to steal a range of data including keystrokes, clipboard content, and credentials."