TA585 Deploys MonsterV2 Malware with Novel ClickFix Tactic

A newly identified threat actor, TA585, is notable for managing its entire attack chain in-house, from infrastructure to payload delivery. The group deploys the sophisticated MonsterV2 malware, a feature-rich remote access trojan, stealer, and loader sold as a high-priced service on criminal forums. TA585 uses innovative tactics like government-themed phishing and web injects that employ a "ClickFix" technique, tricking victims into manually executing malicious PowerShell commands via fake CAPTCHA prompts. MonsterV2 itself boasts advanced capabilities, including remote desktop control, comprehensive data theft, and anti-detection mechanisms to evade security analysis. This actor's self-sufficient and advanced operational model highlights a significant shift in the cybercrime ecosystem, demanding more adaptive defense strategies.

Latest mentioned: 10-14

Earliest mentioned: 10-14

Sources

thehackernews.com gbhackers.com cybersum.net

Also Read

WordPress WooCommerce Sites Targeted by Sophisticated Malware

The Wordfence Threat Intelligence Team has uncovered a sophisticated malware campaign targeting WordPress e-commerce sites using the WooCommerce plugin. The malware, disguised as legitimate plugins like 'jwt-log-pro' and 'cron-environment-advanced,' hides malicious payloads inside fake images and evades detection through custom encryption. It logs users with high privileges, intercepts login credentials, and establishes a backdoor for remote command access. The malware is attributed to Magecart Group 12, known for credit card skimming operations. The campaign has compromised over 25,000 IP addresses, primarily in Southeast Asia and North America, with a focus on network video recorders and routers.

10-31Read more →