This week’s incidents show attackers exploiting ordinary files, trusted services, and routine workflows to gain control without relying on exotic exploits. From targeted spear-phishing that delivered the FALSECUB backdoor to malvertising and droppers seeding infostealers like TamperedChef, adversaries favor low-friction, large-scale, and patient operations. #FALSECUB #TamperedChef
Key points
- Attackers are leveraging trusted files and workflows to achieve persistence and data theft rather than novel zero-day exploits.
- Spear-phishing using ISOs and decoy documents delivered the FALSECUB backdoor to government targets in Afghanistan.
- Malvertising and fake installers have been used to distribute droppers, RATs, and infostealers such as TamperedChef and proxyware.
- Low-friction techniques, such as DLL side-loading, WSL COM abuse that spawns no new process, and support-ticket relay spam, enable large-scale, covert operations.
- Defensive moves like short-lived TLS, Crates.io security tabs, and EU supply-chain rules are emerging, but systemic exposure continues to accumulate quietly.
Read More: https://thehackernews.com/2026/01/threatsday-bulletin-pixel-zero-click.html