Cybercriminals are exploiting news of Ross Ulbricht’s pardon by U.S President Trump, duping users via a Telegram channel into running malware-infected PowerShell scripts. A disguised captcha or verification process leads users to download a PowerShell script and a ZIP file containing files like identity-helper.exe, a suspected Cobalt Strike loader used for remote access and launching ransomware or data theft campaigns. This comes after Ulbricht, founder of the infamous Silk Road dark web marketplace, was released from prison.

New Triada comes preinstalled on Android devices
A new variant of the Triada Trojan has been discovered pre-installed on Android devices, enabling data theft from the moment the device is set up,