COLDRIVER
-
One-day ‘PhantomCaptcha’ spearphishing campaign delivered WebSocket RAT to Ukraine relief organizations
A one-day PhantomCaptcha spearphishing campaign on Oct. 8 used fake CAPTCHA prompts and ClickFix-style commands to install a WebSocket RAT, targeting Ukrainian regional officials and organisations involved in war relief, researchers said.
-
Google links three new ‘ROBOT’ malware families to Russia-linked COLDRIVER
Google’s Threat Intelligence Group linked three new malware families — NOROBOT, YESROBOT and MAYBEROBOT — to the Russia-linked COLDRIVER group, describing a ClickFix-style delivery chain and ongoing rapid development aimed at evading detection. Dutch prosecutors also said three youths are suspected of providing services to a foreign government and one had contact with a Russia-affiliated…
-
Russian Hackers Deploy New LOSTKEYS Malware Using ClickFix Tactics
The Russian hacking group COLDRIVER has introduced LOSTKEYS, a new malware targeting Western advisors, journalists, and NGOs through deceptive tactics resembling ClickFix methods.
