The malware loader was recently observed in almost two dozen email campaigns that appeared to target English speakers and involved lures related to shipping orders and billing, invoice and purchase requests or inquiries.
CISA warned of an increase in TrueBot malware attacks that exploit a known remote code execution flaw in the Netwrix Auditor application.
Researchers say that crypters previously attributed to the Trickbot/Conti syndicate are “fundamental” to tracking cybercrime factions.
The malware, which has been used in an espionage attack since 2022, includes a capability that specifically targets the client drive mapping feature within Remote Desktop Protocol.
The Qakbot malware operators have shifted tactics again to adapt to changes in defenses.