An unknown threat actor is targeting German users interested in the Ukraine crisis, infecting them with a custom PowerShell RAT (remote access trojan) and stealing their data.
The malware campaign uses a decoy site to lure users into fake news bulletins that supposedly contain unreleased information about the situation in Ukraine.
These sites offer malicious documents that install a custom RAT that supports remote command execution and file operations.
Read more…
Source: Bleeping Computer