Sep 15, 2023
Ransomware / Cyber Threat
The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation ( EV ) code signing certificates. "This suggests that the threat actors are streamlining operations by making their techniques multipurpose," Trend Micro researchers said in a new analysis published this week. In the incident investigated by the cybersecurity company, an unnamed victim is said to have first received a piece of info stealer malware with EV code signing certificates, followed by ransomware using the same delivery technique. In the past, QakBot infections have leveraged samples signed with valid code signing certificates to bypass security protections. The attacks start with phishing emails that employ well-worn lures to trick victims into running malicious attachments that masquerade as PDF or JPG images but are actually executables that jump-start the comprom