TA505 Hacker Group Deploys Sneaky RMS Tool in Phishing Campaign - #TA505
The cybersecurity articles describe a series of attacks by the TA505 hacker group using malware called Lobshot, which is distributed through malvertising and fake websites to steal cryptocurrency wallet data and other sensitive data. Lobshot uses dynamic import resolution and anti-emulation checks to evade detection, and it contains a hidden virtual network computing (VNC) module that allows full remote control of infected machines. In a separate series of attacks, the Silence Group has been using the Truebot malware to access networks and deploy the Clop ransomware, which is typically used by the FIN11 threat actor. Over 1,500 computers have been compromised through these attacks, which exploit a vulnerability in Netwrix Auditor servers.