Proofpoint researchers found a new #malicious 3rd party #OAuth app campaign that abused the #Microsoft “verified publisher” status to bypass restrictions.
Observed impact: App impersonation. Compromised mailboxes. Data exfiltration. Brand abuse.
Blog: ow.ly/WBos50MF59r
Our @threatinsight researchers have tracked a recent rise in campaigns abusing #Microsoft#OneNote.
This graph breaks down the wide variety of #malware distributed using this method. AsyncRAT tops the list, with familiar suspects Agent Tesla and Qbot also appearing.💡
Proofpoint @threatinsight researchers shared findings on a new malware strain that is distributed via bogus installation packages of the Bitwarden password manager.
@TheHackersNews covered the analysis of this malware named ZenRAT.
Qbot affiliates including TA570 and TA577 have all taken at least a month off over the summer in the past three years.
TA577, one of the largest #Qbot affiliates, delivered its last campaign to date on 21 June.