MeduzaStealer malware attacks target possible Ukrainian conscripts

Unidentified threat actors impersonated Reserve+ customer support on Telegram to lure targets into downloading a ZIP archive that claimed to contain instructions for updating their data. The archive triggers the deployment of MeduzaStealer, which exfiltrates certain files before removing itself from the compromised system, according to CERT-UA. While the impact of the MeduzaStealer compromise remains uncertain, more than 4.5 million Ukrainians were noted to have updated their personal information via the Reserve+ app.

Source: SC Magazine

 

