BleepingComputer reports that Ukraine's Computer Emergency Response Team (CERT-UA) has disclosed that threat operation UAC-0247 launched attacks with the new AgingFly malware against local governments and healthcare providers across the country last month.

According to CERT-UA, UAC-0247 sent malicious emails masquerading as offers of humanitarian assistance to lure recipients into clicking an embedded link that redirects to either a breached website or an AI-generated site, where an archive containing an LNK file is downloaded. Running the LNK triggers an HTA file that shows a decoy form while establishing a scheduled task that executes a shellcode-injecting EXE payload. The threat actors then launch a two-stage loader, eventually resulting in the deployment of the C#-based AgingFly malware, which is used alongside open-source security tools to steal Chromium browser-stored data and WhatsApp for Windows information.

“A distinguishing feature of AGINGFLY compared to similar malware is the absence of built-in command handlers in its code. Instead, they are retrieved from the C2 server as source code and dynamically compiled at runtime,” said CERT-UA.
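The HTA-to-scheduled-task step described above can be hunted in process-creation telemetry. The following is an added detection sketch, not code from CERT-UA or BleepingComputer. It assumes the HTA is hosted by `mshta.exe` and that the task is registered through the `schtasks.exe` command line, which the report does not state; the `ProcEvent` fields and all sample events are constructed.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

@dataclass(frozen=True)
class ProcEvent:            # hypothetical, simplified process-creation record
    pid: int
    ppid: int
    image: str
    cmdline: str

def name(ev):
    """Lower-cased executable name taken from a Windows image path."""
    return PureWindowsPath(ev.image).name.lower()

def lineage(ev, by_pid):
    """Return ev followed by its known ancestors, nearest first (cycle-safe)."""
    chain, seen = [], set()
    while ev is not None and ev.pid not in seen:
        chain.append(ev)
        seen.add(ev.pid)
        ev = by_pid.get(ev.ppid)
    return chain

def find_hta_task_chains(events):
    """Flag scheduled-task creation whose ancestry includes mshta.exe running an .hta."""
    by_pid = {e.pid: e for e in events}   # assumption: no PID reuse within the window
    hits = []
    for ev in events:
        if name(ev) != "schtasks.exe" or "/create" not in ev.cmdline.lower().split():
            continue
        chain = lineage(ev, by_pid)
        for anc in chain[1:]:
            if name(anc) == "mshta.exe" and ".hta" in anc.cmdline.lower():
                hits.append((anc.pid, ev.pid, [name(e) for e in chain]))
                break
    return hits

# Constructed sample events; paths and task names are illustrative only.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Windows\System32\mshta.exe",
              r'mshta.exe "C:\Users\user\AppData\Local\Temp\form.hta"'),
    ProcEvent(210, 200, r"C:\Windows\System32\cmd.exe", "cmd.exe /c"),
    ProcEvent(220, 210, r"C:\Windows\System32\schtasks.exe",
              r"schtasks /create /tn ExampleTask /tr C:\Users\user\example.exe /sc minute"),
    ProcEvent(300, 100, r"C:\Windows\System32\schtasks.exe", "schtasks /query"),
    ProcEvent(310, 100, r"C:\Windows\System32\schtasks.exe",
              r"schtasks /create /tn AdminTask /tr C:\Tools\backup.exe /sc daily"),
]

if __name__ == "__main__":
    for hta_pid, task_pid, chain in find_hta_task_chains(SAMPLE_EVENTS):
        print(f"mshta pid {hta_pid} -> schtasks pid {task_pid}: {' <- '.join(chain)}")
```

A task registered through COM or PowerShell instead of `schtasks.exe` would not appear in this lineage, so pairing the check with scheduled-task creation auditing (Windows Security event 4698) closes that gap.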
