An unknown threat actor is targeting German users interested in the Ukraine crisis, infecting them with a custom PowerShell RAT (remote access trojan) and stealing their data.
The malware campaign uses a decoy site to lure users into fake news bulletins that supposedly contain unreleased information about the situation in Ukraine.
These sites offer malicious documents that install a custom RAT that supports remote command execution and file operations.
The campaign was uncovered by threat analysts at Malwarebytes, who have provided all the details and indicators of compromise in their write-up.
