"Hackers Push USB Malware Payloads via News, Media Hosting Sites"

A threat actor who uses USB devices for initial infection has been discovered abusing legitimate online platforms such as GitHub, Vimeo, and Ars Technica to host encoded payloads hidden in content that appears to be harmless. The attackers put these payloads in forum user profiles on technology news websites or video descriptions on media hosting platforms. The payloads pose no risk to those visiting these web pages because they are just text strings. However, they still play a major role in downloading and executing malware. Mandiant tracks the hackers behind this campaign as UNC4990, which has been active since 2020, primarily targeting users in Italy. This article continues to discuss findings and observations regarding the UNC4990 campaign.

Bleeping Computer reports "Hackers Push USB Malware Payloads via News, Media Hosting Sites"

Submitted by grigby1
