Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

Acronis TRU

CRESCENTHARVEST campaign uses deceptive .LNK files to deploy RAT against Iran protest supporters

Cybercrime, News, Research

February 19, 2026

CRESCENTHARVEST used RAR archives and deceptive .LNK files to deliver a remote access trojan and data stealer to Farsi speaking supporters of Iran protests. It is not known if any infections succeeded.
Acronis warns of ongoing ‘TamperedChef’ malvertising campaign using signed fake installers

Cybercrime, News, Research, Risk, Vulnerabilities

November 20, 2025

Acronis Threat Research Unit says operators are using signed counterfeit installers in a global malvertising campaign dubbed TamperedChef to deploy a JavaScript backdoor, with infections concentrated in the U.S. and several industries affected; some variants have been used for advertising fraud while broader motives remain unclear.

About
Editorial Policy
Privacy
Contact