Cyber actors are leveraging the infamous Smoke Loader downloader to deliver several malware families, including Zeus, Neutrino, the Chthonic banking trojan and crypto mining software. The RIG exploit kit (EK) developers are currently using this downloader to deliver the Monero coin miner. Attackers are now delivering the Pony/Fareit malware packed with the PowerArchiver compressor (XXEncode 0.0), which significantly reduces the detection rate by anti-virus vendors (fewer than six vendors detect it), and the file format is detected as a text file.
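As an added defender-side example (not code from Wapack Labs or the report above): a small Python decoder that unwraps an XXEncoded text block and checks whether the payload hidden inside begins with a PE or ZIP magic, which is the content inspection that the "detected as a text file" evasion relies on being absent. The sample block and the filename invoice.exe are constructed for the example.

```python
# XXEncode alphabet: '+' is 0, '-' is 1, then digits, upper case, lower case.
XX_ALPHABET = "+-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
XX_INDEX = {ch: i for i, ch in enumerate(XX_ALPHABET)}


def xxdecode(text: str):
    """Decode one XXEncoded block; return (filename, payload bytes).

    Every body line starts with a length character (raw bytes on that line),
    followed by four alphabet characters per three bytes. A line whose length
    character is '+' (zero), or the literal 'end', terminates the data."""
    lines = [ln.rstrip("\r\n") for ln in text.splitlines()]
    start = next((i for i, ln in enumerate(lines) if ln.startswith("begin ")), None)
    if start is None:
        raise ValueError("no 'begin <mode> <name>' header found")
    name = lines[start].split(maxsplit=2)[-1]  # 'begin 644 name.exe' -> 'name.exe'
    out = bytearray()
    for line in lines[start + 1:]:
        if not line or line == "end":
            break
        n = XX_INDEX[line[0]]  # KeyError here means "not XXEncode"
        if n == 0:
            break
        chunk = bytearray()
        body = line[1:]
        for i in range(0, len(body), 4):
            quad = body[i:i + 4].ljust(4, "+")  # '+' pads as zero bits
            v = 0
            for ch in quad:
                v = (v << 6) | XX_INDEX[ch]
            chunk += v.to_bytes(3, "big")
        out += chunk[:n]
    return name, bytes(out)


def is_suspicious_xx_text(text: str) -> bool:
    """True if a 'text' file actually XXEncodes a PE (MZ) or ZIP (PK) payload."""
    try:
        _name, payload = xxdecode(text)
    except (ValueError, KeyError):
        return False
    return payload.startswith(b"MZ") or payload.startswith(b"PK\x03\x04")


# Constructed sample: an XXEncoded 6-byte stub that begins with the PE 'MZ' magic.
SAMPLE = """begin 644 invoice.exe
4HJeE++A+
+
end
"""
```

The check runs on the decoded bytes rather than on the outer text, so a scanner that only classifies the wrapper as plain text still gets a chance to see the executable inside.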
Wapack Labs identified the secondary command and control (C2) infrastructure, which the operators continue to develop.
An archive of related
reporting can be found in the Red Sky Alliance portal.