USB Malware Payloads Spreading By Legitimate Online Platforms And Websites
A financially motivated threat actor that uses USB devices for initial infection is abusing legitimate online platforms such as GitHub, Vimeo, and Ars Technica to host encoded payloads within apparently harmless content. The payloads are concealed in forum user profiles or video descriptions on tech news and media hosting sites. Although harmless when viewed, these text strings play a crucial role in the attack chain, facilitating the download and execution of malware. Mandiant, which tracks the actor as UNC4990, has identified activity from this campaign since 2020, with the campaign primarily focusing on users in Italy.