Cybercriminals are exploiting news of Ross Ulbricht’s pardon by U.S President Trump, duping users via a Telegram channel into running malware-infected PowerShell scripts. A disguised captcha or verification process leads users to download a PowerShell script and a ZIP file containing files like identity-helper.exe, a suspected Cobalt Strike loader used for remote access and launching ransomware or data theft campaigns. This comes after Ulbricht, founder of the infamous Silk Road dark web marketplace, was released from prison.

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
An updated version of a malware loader, known as Hijack Loader, has been discovered with new features aimed at evading detection and maintaining persistence. The