Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
05.04.2026

REF1695 has spread RATs and miners since Nov 2023 via ISO lures, earning 27.88 XMR across four wallets through cryptomining and CPA fraud.
Hold up, tech pros—there's a new cyber hustle in town. Researchers just exposed a sneaky mining op dubbed REF1695 that's been slinging RATs and crypto miners since November 2023. How? By baiting users with ISO files, those disc image lures that look legit but pack a nasty punch. This crew's racked up 27.88 XMR (that's Monero, btw) across four wallets, mixing cryptomining with some shady CPA fraud. Talk about a double-dip scheme.

The attack kicks off with an ISO file—think of it as a digital Trojan horse. Once you open it, PowerShell scripts fire up, dropping remote access trojans (RATs) and crypto miners onto your system. These bad boys let the attackers snoop around, steal data, and hijack your CPU to mine Monero. And they're not just mining; they're also running CPA fraud, gaming ad networks for extra cash. It's a full-blown cybercrime buffet.
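The chain above (ISO opened, then PowerShell runs) can be hunted by correlating a disc-image mount with a PowerShell start whose parent process or working directory sits on the mounted drive. This is an added example, not taken from the researchers' report; the event schema, field names, sample events and the 10-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta
from ntpath import basename

WINDOW = timedelta(minutes=10)          # assumed correlation window
SHELLS = {"powershell.exe", "pwsh.exe"}

# Constructed sample events in a hypothetical normalized schema.
EVENTS = [
    {"ts": "2026-04-05T10:00:00", "host": "ws1", "type": "image_mount",
     "drive": "E:", "path": r"C:\Users\a\Downloads\installer.iso"},
    {"ts": "2026-04-05T10:00:20", "host": "ws1", "type": "process_start",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"E:\setup.exe", "cwd": "E:\\"},
    # Different host with no mount on record: must not alert.
    {"ts": "2026-04-05T10:01:00", "host": "ws2", "type": "process_start",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\explorer.exe", "cwd": r"E:\tools"},
    # Same host, but long after the mount: outside the window.
    {"ts": "2026-04-05T11:30:00", "host": "ws1", "type": "process_start",
     "image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "parent": r"E:\setup.exe", "cwd": "E:\\"},
]

def on_drive(path, drive):
    """True when a Windows path lives on the given drive letter."""
    return path.upper().startswith(drive.upper() + "\\")

def detect(events, window=WINDOW):
    mounts = {}   # (host, drive) -> (mount time, image path)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "image_mount":
            mounts[(ev["host"], ev["drive"])] = (ts, ev["path"])
        elif ev["type"] == "image_unmount":
            mounts.pop((ev["host"], ev["drive"]), None)
        elif ev["type"] == "process_start" and basename(ev["image"]).lower() in SHELLS:
            for (host, drive), (mounted, iso) in mounts.items():
                if host != ev["host"] or ts - mounted > window:
                    continue
                if on_drive(ev["parent"], drive) or on_drive(ev["cwd"], drive):
                    alerts.append({"host": host, "ts": ev["ts"], "iso": iso,
                                   "parent": ev["parent"]})
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```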
Here's the lowdown: the operation's been active for months, targeting unsuspecting users with these ISO lures. The RATs give them backdoor access, while the miners silently drain your resources. They've funneled earnings into four separate wallets, totaling nearly 28 XMR—worth a pretty penny in the crypto world. Microsoft Defender and other tools are on alert, but this shows how attackers are getting crafty with old-school tricks.
- ISO files used as lures to spread malware
- PowerShell scripts deploy RATs and crypto miners
- Earned 27.88 XMR across four wallets
- Combines cryptomining with CPA fraud
- Active since November 2023
Bottom line: stay sharp, folks. This isn't just another mining scam—it's a multi-pronged attack blending stealth and greed. Keep your defenses up, watch for suspicious files, and maybe double-check that ISO before you click. The cyber underworld's always innovating, and this one's a masterclass in low-key chaos.

