Malware often targets Windows users because the operating system’s widespread popularity makes it a lucrative target for threat actors. Windows systems have historically been perceived as more vulnerable due to their larger user base and because the majority of security vulnerabilities affect them. The FortiGuard team recently discovered a cluster of malware droppers that delivered various final-stage payloads in 2023. In a report shared with Cyber Security News (CSN), Fortinet said these droppers use multiple stages of obfuscated payloads. Some of the identified payloads include Leonem, AgentTesla, SnakeLogger, RemLoader, Sabsik, LokiBot, Taskun, Androm, Upatre, and Remcos. The group, named ‘TicTacToe dropper,’ is identified by a common Polish-language string, ‘Kolko_i_krzyzyk,’ which translates to TicTacToe.
Source: GBHackers