Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Updated on April 2, 2026

A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023.
“Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software registration,” Elastic…

Read the rest of the story at Read More

Source: The Hacker News

November 21, 2024 Uncategorized

Warning: Over 2,000 Palo Alto Networks D...

October 8, 2024 Uncategorized

GoldenJackal Target Embassies and Air-Ga...

March 12, 2026 Uncategorized

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Related posts

Warning: Over 2,000 Palo Alto Networks D...

GoldenJackal Target Embassies and Air-Ga...

Apple Issues Security Updates for Older ...

Leave a Comment Cancel reply

Recent News

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners