Source: trendmicroblog
Author: Lucas Silva
ID: TRENDMICROBLOG:9AC31E55CCAA6123407C7F3662222183
History: Jun 30, 2023 - 12:00 a.m.

Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator

2023-06-30 00:00:00
www.trendmicro.com
malvertising
winscp
blackcat infection
spyboy terminator
cloned webpages

We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led to a BlackCat (aka ALPHV) infection, and actors also used SpyBoy, a terminator that tampers with protection provided by agents.