Google is warning about a new cyberthreat: the LostKeys spyware, associated with the ColdRiver hacker group, which operates under the control of the Russian FSB. This was reported by Android Headlines, citing the Google Threat Intelligence Group (GTIG).
According to experts, LostKeys is used in ClickFix-style social engineering attacks. Attackers show victims a fake captcha and then trick them into running malicious PowerShell scripts. This paves the way for the installation of LostKeys, which extracts files, directories, and system data from the computer. In some cases, additional software, such as SPICA, is also used to steal documents.
ColdRiver (also known as Star Blizzard and Callisto Group) has been active since 2017 and has significantly intensified its activities since the start of Russia’s full-scale invasion of Ukraine. The group targets government and defense organizations, think tanks, politicians, journalists, and non-governmental organizations.
The US has already imposed sanctions against individual members of the group and has offered a $10 million reward for information leading to their capture.
Google is urging potentially vulnerable organizations to strengthen their cybersecurity defenses, including through Google's advanced security features and regular system updates.
