Cyble Research and Intelligence Labs (CRIL) detected threat actors (TAs) distributing the malware DarkTortilla. DarkTortilla is a complex .NET-based malware that has been operating since 2015.
Researchers say the malware is known to drop numerous stealers and Remote Access Trojans (RATs), including AgentTesla, AsyncRAT, and NanoCore.
“We identified two phishing sites masquerading as legitimate Grammarly and Cisco sites. The phishing sites' link could reach users via spam email or online ads, etc., to infect the users,” CRIL said.
Malicious samples downloaded from the phishing sites further facilitate the DarkTortilla infection. The samples obtained from the two phishing websites use several infection methods to spread the malware.