Cyble Research and Intelligence Labs (CRIL) has identified a sophisticated malware operation named ‘Phantom Goblin’ that employs deceptive social engineering techniques. The malware uses RAR file attachments containing malicious shortcut (LNK) files that mimic legitimate PDF documents. Once executed, the LNK files trigger stealth operations designed to steal sensitive data and avoid detection by using PowerShell and unauthorized remote access. The data primarily targeted comes from web browsers and developer tools.

Ragnar Loader toolkit evolves amid increased traction among threat operations
The Ragnar Loader malware toolkit, used by several threat operations, has been enhanced with more sophisticated capabilities. It now includes advanced encryption, encoding, and process