Scammers have begun sending malicious files disguised as edits to terms of reference
Fraudsters send phishing emails disguised as edits to the terms of reference in order to steal data from employees of Russian companies. This was announced on September 23 by Angara Security.
"The Rare Werewolf group is a hacker group that has been attacking organizations in various industries in Russia, Belarus and Kazakhstan since at least 2019. The group's new campaign began at the end of 2024. Today we are witnessing another wave of attacks on Russian companies," commented Lada Antipova, head of the Response and Digital Forensics Department, as quoted by the RIA Novosti news agency.
The subject line, the body of the email, and the attached encrypted archive are all presented as edits to the terms of reference, with the aim of stealing credentials. The malicious archive contains a file named "Technical Specification No. 119843-28 Ext. N_3435.scr", stylized as a PDF document; the .scr extension denotes a Windows screensaver, which is an executable program.
As soon as the file is opened, the data is compromised, and additional malicious files are downloaded to the work device, including a program for sending stolen data by email and a remote access service. All of the files used are deleted immediately after the task is completed.
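A mail gateway or analyst can often spot this lure without the archive password, because a ZIP archive with standard encryption keeps member names readable in its central directory. The following is an added example, not code from Angara Security or the article; the ZIP format, the extension list, the lure keywords and the function names are assumptions, and the sample archive is constructed with harmless content.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs directly; .scr (screensaver) is an ordinary executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
# Assumed vocabulary suggesting the member is presented as a document.
DOCUMENT_HINTS = ("specification", "terms of reference", "invoice", "contract", ".pdf", ".doc")


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member that Windows would execute."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # reads the central directory only, no password needed
            name = PurePosixPath(info.filename).name
            # Trailing dots and spaces are ignored by Windows, so strip them first.
            ext = PurePosixPath(name.rstrip(". ")).suffix.lower()
            if ext not in EXECUTABLE_EXTS:
                continue
            findings.append({
                "name": name,
                "extension": ext,
                "encrypted": bool(info.flag_bits & 0x1),  # general-purpose flag bit 0
                "document_lure": any(h in name.lower() for h in DOCUMENT_HINTS),
            })
    return findings


def constructed_sample() -> bytes:
    """Constructed archive: harmless bytes under the file name quoted in the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Technical Specification No. 119843-28 Ext. N_3435.scr", b"not a real PE")
        zf.writestr("readme.txt", b"placeholder")
    raw = bytearray(buf.getvalue())
    # Set the "encrypted" flag on the first central-directory entry to imitate a
    # password-protected member; the listing itself stays readable.
    pos = raw.find(b"PK\x01\x02")
    raw[pos + 8] |= 0x01
    return bytes(raw)


if __name__ == "__main__":
    for finding in triage_zip(constructed_sample()):
        print(finding)
```

Archive formats that encrypt their headers hide member names, so for those a gateway can only act on the fact that the attachment is an encrypted archive.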
The day before, the Ministry of Internal Affairs of the Russian Federation reported that fraudsters are increasingly using schemes to deceive students, including a "fake boss" scheme run in the name of university management and simulated attacks on important services. According to the agency, the "fake boss" scheme involves creating fake chats on behalf of the university. Official communication can only take place through the university's channels.