On Friday a sophisticated Mac Trojan was discovered, called OSX.Dok, which installs malware designed to intercept all HTTP and HTTPS traffic. This morning, Adam Thomas, a Malwarebytes researcher, found a variant of the OSX.Dok dropper that behaves altogether differently and installs a completely different payload.
The HoeflerText campaign is known for a fake font download that delivers the Spora ransomware. But did you know it also uses special characters in the dropper’s file name?
We take a look at a widespread and yet stealthy malvertising campaign distributing the ISFB banking Trojan via decoy websites.