Kaspersky researchers Elsayed Elrefaei and AbdulRhman Alfaifi highlighted, "This downloader is responsible for delivering additional malware samples to the victim's machine, which are mostly info-stealers (DanaBot and StealC) and clippers."
The threat actors behind the Tusk campaign deploy phishing tactics to trick victims into disclosing personal and financial information that can be exploited for unauthorized access or sold on the dark web.
The operation is named Tusk, and the actors use 'mammoth' as a slang term for their victims, a piece of wordplay within the cybercrime context.
The first active sub-campaign, TidyMe, adopts a deceptive guise to mislead users into downloading malware from a lookalike website, leveraging Dropbox for initial malware delivery.