Gamaredon campaign abuses LNK files to distribute Remcos backdoor

A campaign targeting users in Ukraine with malicious LNK files has been observed since November 2024. The files, using Russian words related to troop movements as lures, run a PowerShell downloader contacting geo-fenced servers in Russia and Germany. The second stage payload uses DLL side loading to execute the Remcos backdoor. The activity is attributed to the Gamaredon threat actor group with medium confidence. The campaign uses the invasion of Ukraine as a theme in phishing attempts, distributing LNK files disguised as Office documents. The servers used are mostly hosted by GTHost and HyperHosting ISPs. The attack chain involves DLL sideloading to load the Remcos backdoor, which communicates with a C2 server on a specific port.

Pulse ID: 67e6c6b5e3b5eec595438366
Pulse Link: https://otx.alienvault.com/pulse/67e6c6b5e3b5eec595438366
Pulse Author: AlienVault
Created: 2025-03-28 15:56:37

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Global Pressure Mounts for Apple as Brazilian Court Demands iOS Sideloading Within 90 Days – Source: www.techrepublic.com https://ciso2ciso.com/global-pressure-mounts-for-apple-as-brazilian-court-demands-ios-sideloading-within-90-days-source-www-techrepublic-com/ #rssfeedpostgeneratorecho #SecurityonTechRepublic #SecurityTechRepublic #CyberSecurityNews #thirdpartyapps #Cybersecurity #International #sideloading #Technology #AppleiOS #Mobility #Security #Software #Brazil #Apple #Apps

#Brazil Orders #Apple To Allow #iOS #Sideloading Within 90 Days

https://valorinternational.globo.com/law/news/2025/03/06/circuit-court-reinstates-antitrust-ruling-against-apple.ghtml

If Europe can do it, so can Brazil!

Apple must allow app sideloading in Brazil within 90 days, judge orders

https://www.engadget.com/apps/apple-must-allow-app-sideloading-in-brazil-within-90-days-judge-orders-130037196.html?src=rss

Android 16 Takes Action Against Scammers with In-Call Security Features https://thecyberexpress.com/android-16-blocks-scammers/ #TheCyberExpressNews #TheCyberExpress #Android16Beta2 #FirewallDaily #Sideloading #CyberNews #Android16 #scammers

For those users who aren't familiar with sideloading.

Android users who want TikTok would be best advised to copy iPhone users

https://9to5mac.com/2025/02/10/android-users-who-want-tiktok-would-be-best-advised-to-copy-iphone-users/

At least they'll get an updated version of the app.

TikTok advises Android users in the US to sideload the app

https://www.engadget.com/apps/tiktok-advises-android-users-in-the-us-to-sideload-the-app-130015055.html?src=rss

This is what Apple means when they call "installing software we don't like" as "sideloading":

https://mastodon.tuxcord.net/@deadvey/113703045750048866

Apple killt Musi: Beliebte Musik-Streaming-App aus App Store verbannt
#Rechtssachen #Streaming #AppStore #Apple #Musi #MusikStreamingApp #Musikindustrie #sideloading https://sc.tarnkappe.info/da084c

iOS Apps illegal im September 2024
#WarezListen #crackedapps #iosapps #ipafileformat #Jailbreak #sideloading https://sc.tarnkappe.info/da8b70

Apps can now block #sideloading more easily and force downloads through #GooglePlay
#Google Play Integrity API makes it easy for apps to detect when they weren’t installed from the Google #PlayStore. https://www.androidauthority.com/play-integrity-sideloading-detection-3480639/
argh.....
I am on #Android as I don't want a #WalledGarden
I use Google Play, and #FDroid, and #Obtainium
I don't want #Surveillance of all my apps, I want #Privacy and access to #OpenSource

Android apps are blocking sideloading and forcing Google Play versions instead | Ars Technica
https://arstechnica.com/gadgets/2024/09/android-now-allows-apps-to-block-sideloading-and-push-a-google-play-version/
#android #sideloading #androiddev

Android apps are blocking sideloading and forcing Google Play versions instead - Enlarge / It's never explained what this collection of app icons quite ... - https://arstechnica.com/?p=2049138 #safetynetattestation #playintegrityapi #googleplaystore #sideloading #android #google #tech #apks

Fortnite torna su iPhone: Epic Games lancia il suo Game Store mobile in UE

https://gomoot.com/fortnite-torna-su-iphone-epic-games-lancia-il-suo-store-mobile-in-europa/

Samsung's Auto Blocker is enabled by default on Galaxy phones that ship with One UI 6.1.1 (including the new Z Flip6 and Z Fold6), preventing you from sideloading apps from outside the Google or Samsung's app stores. But Auto Blocker can be disabled. https://buff.ly/3y88OOy #Samsung #OneUI #AutoBlocker #Sideloading #Android

Report: Apple approves Epic Games Store on iOS in Europe - Enlarge / Epic Games founder and CEO Tim Sweeney. (credit: Epic Games) ... - https://arstechnica.com/?p=2035658 #alternativeappstores #europeancommission #digitalmarketsact #europeanunion #sideloading #timsweeney #epicgames #gaming #apple #tech #ios #eu

L’App Store di Apple: un baluardo contro le frodi digitali : 1,8 miliardi di dollari di transazioni bloccate nel solo 2023

https://gomoot.com/lapp-store-di-apple-un-baluardo-contro-le-frodi-digitali

#app #Apple @apple #blog #DMA #frodi #hacker #news #picks #spam #sideloading #store #tech #tecnologia