 nostr:nevent1qqs0a53r3puxrqjxrkw56y4qpgdntfa37f0tl0c3fq7wdzn2mwywmgspp4mhxue69uhkummn9ekx7mqzyqus2f7gl4rdzvvxrvnmjg6sm9guv90qfnz0tqx59ztfm6f28zvzqqcyqqqqqqgywk0de

"A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content.

The attackers hide these payloads in plain sight, placing them in forum user profiles on tech news sites or video descriptions on media hosting platforms.

These payloads pose no risks to users visiting these web pages, as they are simply text strings. However, when integrated into the campaign's attack chain, they are pivotal in downloading and executing malware in attacks."

#cybersecgirl 
 it's USBaby