The cybersecurity expert Brian Krebs: The malware has undergone a rebrand. Binary is virtually identical, and employs the same "MZ-as-alternative-entrypoint" trick.
Cofense cyber security experts: Cybercrime actors are trying to steal employee credentials with the lure of the “quarantine message”. An email alerts the victim to three messages at risk and asks them to click a link. This leads to a real company’s page, but with a fake login panel.
Cybercrime actors are trying to steal employee credentials using the “message quarantine” lure, Cofense cyber security experts have discovered. The researchers identified a themed campaign that imitates the technical support team of the employee’s company and makes it appear as though the company’s email security service has quarantined three messages, blocking them from reaching the inbox. The email claims these messages failed to process and need to be reviewed in order to confirm their validity. It even states that two of these were considered valid and are being held for deletion. Upon interacting with the malicious link, the user is directed to a phishing page unique to the employee’s company. The website is real, but there is a fake login panel covering it.