Are you concerned about the latest tax-themed malware campaign targeting the insurance and finance sectors? A new trend has emerged where threat actors are leveraging GitHub links in phishing emails to bypass security measures and deliver Remcos RAT.
Researchers at Cofense have observed that legitimate repositories such as UsTaxes, HMRC, and InlandRevenue are being used in this campaign, signaling a shift towards using trusted repositories instead of creating malicious ones.
One interesting aspect of this attack is the abuse of GitHub infrastructure for staging malicious payloads. Threat actors are exploiting a technique where they upload malicious payloads to GitHub issues on well-known repositories, allowing them to persistently distribute malware.
This method has become increasingly popular as it enables attackers to upload any file of their choice without leaving a trace, making it challenging to detect and block.
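A defender-side check for the technique described above, as an added example that is not from Cofense or the original article: it pulls URLs out of an email body and flags GitHub links that point at a file attached to an issue comment rather than at repository content. The two URL layouts, the extension list, the function names and the sample message are assumptions or constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed URL layouts for files attached to issue/PR comments (not from the article):
#   github.com/<owner>/<repo>/files/<numeric id>/<filename>
#   github.com/user-attachments/files/<numeric id>/<filename>
ATTACHMENT_PATHS = [
    re.compile(r"^/(?P<owner>[^/]+)/(?P<repo>[^/]+)/files/(?P<id>\d+)/(?P<name>[^/]+)$"),
    re.compile(r"^/user-attachments/files/(?P<id>\d+)/(?P<name>[^/]+)$"),
]
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)
RISKY_EXT = (".zip", ".7z", ".rar", ".iso", ".img", ".exe", ".js", ".lnk")  # illustrative list


def classify_github_link(url):
    """Return a dict describing a comment-attachment link, or None for anything else."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in ("github.com", "www.github.com"):
        return None  # look-alike hosts such as github.com.evil.example are not GitHub
    path = unquote(parts.path).rstrip("/")
    for pattern in ATTACHMENT_PATHS:
        m = pattern.match(path)
        if m:
            g = m.groupdict()
            return {
                "url": url,
                "repo": f"{g['owner']}/{g['repo']}" if "owner" in g else None,
                "file": g["name"],
                "risky_type": g["name"].lower().endswith(RISKY_EXT),
            }
    return None


def scan_email_body(body):
    """Extract URLs from an email body and keep only attachment-style GitHub links."""
    hits = (classify_github_link(raw.rstrip(".,;")) for raw in URL_RE.findall(body))
    return [h for h in hits if h]


# Constructed sample message; the repository name is a placeholder, not from the campaign.
SAMPLE = """Your tax filing needs attention.
Download: https://github.com/example-org/tax-tool/files/1234567/filing_help.zip
Source: https://github.com/example-org/tax-tool/blob/main/README.md
Mirror: https://GitHub.com/user-attachments/files/7654321/notes.txt.
"""

if __name__ == "__main__":
    for h in scan_email_body(SAMPLE):
        print(h)
```

A hit means the link resolves to a user-uploaded file hosted under a trusted domain, so the repository's reputation says nothing about the file and it should be scanned or detonated like any other attachment.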
Meanwhile, Barracuda Networks has uncovered novel phishing techniques involving ASCII- and Unicode-based QR codes and blob URLs to evade detection. These methods make it harder to block malicious content and deceive users into disclosing sensitive information.
On another front, ESET research has revealed that the Telekopye Telegram toolkit has expanded its focus to accommodation booking platforms such as Booking.com and Airbnb. Scammers are using compromised accounts to trick users into entering their financial information.
With scammers constantly evolving their tactics, it is crucial to stay vigilant against such phishing attacks.