This week, a threat actor created a GitHub repository hosting a compiled version of dnSpy that installs a cocktail of malware, including clipboard hijackers that steal cryptocurrency, the Quasar remote access trojan, a miner, and a variety of unknown payloads. The campaign was discovered by security researchers 0day Enthusiast and MalwareHunterTeam, who saw the malicious dnSpy project hosted first at https://github[.]com/carbonblackz/dnSpy/ and later moved to https://github[.]com/isharpdev/dnSpy to appear more convincing. The threat actors also created a nicely designed, professional-looking website at dnSpy[.]net. At this time, both the website and the GitHub repository used to power this campaign have been shut down.
Using Microsoft Sentinel to Detect Confluence CVE-2022-26134 Exploitation
By Akshay Rohatgi and Randy Pargman
About this Student Research Project
Binary Defense’s mission is