Ukraine CERT is alarmed about an advanced phishing email containing a fake BitDefender Windows update that, if installed, deploys Cobalt Strike malware to the infected system…

Continue reading
The Computer Emergency Response Team of Ukraine rolled out a warning about a malicious campaign distributing fake BitDefender Windows antivirus updates that install Cobalt Strike and other malware.
It goes through a phishing email appearing as a legitimate Ukrainian government agency in regards to strengthening network security while advising to download critical security updates that come in the form of a 60 MB file named _"BitdefenderWindowsUpdatePackage.exe."_
These emails contain a French website link that is obviously no longer offline, offering a download button for the alleged AV software updates. Another [website, nirsoft[.]me, was also discovered by MalwareHunterTeam](https://twitter.com/malwrhunterteam/status/1502302718140035080) to be acting as the C2 server for this campaign.

If anyone downloads and runs the file BitDefender Windows update. However, this update downloads and installs Cobalt or any other malicious software in the system. This is a Russian threat actor group that has become more active in its phishing distribution and network attacks since December 2021, along with Russia’s increased aggression.
Ukraine's CERT has attributed the attacks to UAC-0056 with medium confidence, also known as ‘Lorec53’; this Russian threat actor group uses phishing emails and custom backdoors to collect information from Ukrainian organizations. This same actor was targeting Georgian government agencies with phishing emails in the past.
Polymarket's hack losses climb to $3.1M across 11 wallets as the platform faces a federal probe into deceptive marketing, even after pledging full refunds.