I use WinSCP for transferring files to the Internet for podcasting or even to update web sites. I’m not sure what PuTTY is, but we learn a little about all of this in a very interesting campaign that delivers malware.
This thing can download a zip file which then has an executable attached.
This thing can also download Cobalt Strike, as shown in the diagram from Rapid7. A short text description of that diagram says:
The image shows a flowchart detailing a malware attack process. It starts with ‘Malvertising’, leading to ‘download putty’, and continues through various stages indicating actions such as ‘leads to download’, ‘leads to execution’, ‘unpacks’, and ‘executes’. The chart includes references to software like ‘Cobalt Strike’, ‘Restic’, and ‘Ransomware’, along with files like ‘putty-64bit’, ‘setup.exe’, ‘python311.dll’, and ‘systemd.py’. The RAPID7 logo is visible,

The article, titled "Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising", is our article, so do pay attention to it. It's something you should pay attention to if you use these pieces of software.
The article does talk about these types of campaigns going after Thunderbird, the mail client, as well as others.