Cybercriminals are exploiting news of Ross Ulbricht’s pardon by U.S. President Trump, using a Telegram channel to dupe users into running malicious PowerShell scripts. A fake CAPTCHA or verification process leads users to download a PowerShell script and a ZIP file containing files such as identity-helper.exe, a suspected Cobalt Strike loader used for remote access and for launching ransomware or data theft campaigns. This comes after Ulbricht, founder of the infamous Silk Road dark web marketplace, was released from prison.

FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites
The Russian cybercrime group FIN7 is linked to a Python-based backdoor named Anubis, providing them remote access to compromised Windows systems, says Swiss cybersecurity firm