Proofpoint threat researchers identified a new malware-as-a-service named #TrustConnect.
Notably, it masquerades as a legitimate remote monitoring and management tool, marking an evolution in how attackers weaponize trust around enterprise tooling.
See our blog for details: brnw.ch/21x05Vh.
Would you run AdobeReader.exe from a days-old company called "TrustConnect Software PTY LTD" because they managed to purchase an Extended Validation certificate?
Blog w. @selenalarson.bsky.social and @proofpoint.com @threatinsight.proofpoint.com team out now!
www.proofpoint.com/us/blog/thre...
Since 14 October, we’ve tracked a high volume XWorm campaign targeting Germany. The activity is attributed to TA584, a sophisticated #cybercrime group tracked since 2020.
Messages are sent from hundreds of compromised sender accounts impersonating ELSTER and contain malicious URLs.
New ecrime insights:
TA4557, known for distributing More_eggs malware, notably expanded to an international audience in recent campaigns.
Per our data, the recruiter-focused TA was seen targeting orgs in France, England & Ireland, in addition to typical North America-targeted threats.
There is however at least two separate current malvertising/SEO campaigns, one leading to Bumblebee and one leading to SMOKEDHAM/Thundershell, but it's not from the official website.
2/2
This article that starts getting traction claims that the official RVTools website was distributing a malicious installer leading to Bumblebee. I see zero evidence of this actually being the case.
1/2
Proofpoint also recently observed this activity delivering GootLoader. Google Ads for a fake document creation app (lawliner[.]com) led to a malicious document creation website, on which users are directed to enter their email address.
Great research on that #GootLoader is now including email in their delivery chain. Please don't download NDAs and other contract templates from free sites without any history.
New blog drop with @selenalarson.bsky.social and the rest of the team. This one covers a lot of threats using the #ClickFix technique to lure targets to infect themselves by pasting malicious CMD/PS code. My "fave" is the chumbox #malvertising on major tech sites.
www.proofpoint.com/us/blog/thre...
Well I guess it's time to try this platform too 😅