This is just the latest example of malvertising tricks to distribute rogue installers of the WinSCP file transfer application.
Trend Micro has published an analysis describing how ransomware actors use the Google Ads platform to serve malware.
The malware in this case was a webpage of the well-known application WinSCP.Threat actors associated with the BlackCat ransomware also use malvertising techniques to distribute ransomware via webpages of legitimate organizations.
SentinelOne describes the ransomware called Rhysida in a technical write-up.
Rhysida is a 64-bit Portable Executable (PE) Windows cryptographic ransomware application compiled using Mingw/GCC, SentinelOne says in a writing up on the matter.
It uses a modified version of the popular WinSCP File Transfer application.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply