Some cybercrime groups are using trojaned proxyware installers to gain a foothold on victim machines and install malware and cryptominers.
TA505, a well-known cybercrime group, is using signed MSI files and other techniques to install the ServHelper RAT on victims' systems.
During an investigation into suspected Iranian threat group ITG18, researchers found various security errors made by the attackers that gave them an inside look into their TTPs.
Researchers uncovered a flaw in macOS that could allow attackers to access permissions, like screen recording, on victim devices - without their approval.
Attackers are building innovative voice-based social engineering tactics into their malware and phishing campaigns.