Cryptolaemus cybersecurity experts: The malware distribution process is the same as the one used to distribute BazarLoader.
Cisco Talos: A fake Amnesty International website spread Sarwent. The lure is the free availability of an anti-Pegasus spyware tool, called AVPegasus. In reality, the software is the malware itself.
Cybercrime actors impersonated Amnesty International and promised to protect users against the Pegasus spyware in order to deliver the Sarwent malware. The campaign was discovered by Cisco Talos cybersecurity experts. The threat actors used a fake NGO official website with a link to download the fake anti-spyware tool, called AVPegasus. The malicious payload has the usual abilities of a remote access tool (RAT), mainly serving as a backdoor on the victim machine, but it can also activate the Remote Desktop Protocol on the targeted PC, potentially allowing the adversary to access the desktop directly and to exfiltrate any kind of data from the victim's computer. The campaign's targets raise the question of possible state involvement, but there is insufficient information available to determine which entity could be behind it. It is also possible that a financially motivated actor is looking to leverage headlines to gain new access.