Threat actors have become increasingly creative in recent phishing campaigns, which have involved new attack techniques, reports The Hacker News.
Organizations in the insurance and finance industries have been targeted with the Remcos RAT payload in a new phishing attack that abuses GitHub comments to insert links redirecting to legitimate open-source tax software repositories rather than unknown ones, according to a Cofense report.
"Emails with links to GitHub are effective at bypassing SEG security because GitHub is typically a trusted domain. GitHub links allow threat actors to directly link to the malware archive in the email without having to use Google redirects, QR codes, or other SEG bypass techniques," said Cofense researcher Jacob Malimban.
These findings follow an ESET analysis detailing how threat actors using the Telekopye Telegram toolkit have escalated attacks since July against Airbnb, Booking.com, and other accommodation platforms, with the aim of exfiltrating users' financial information. Barracuda Networks also reported that malicious actors have exploited blob URLs and ASCII- and Unicode-based QR codes to better conceal phishing activity.