Quote:The group is using malicious versions of WinRAR and other legitimate software packages to infect targets, likely via watering-hole attacks.
 
The APT group behind the sophisticated malware known as StrongPity (a.k.a. Promethium) has mounted a fresh spyware campaign that is still ongoing as of July 2019. The group has retooled with new malware to control compromised machines, according to researchers.
 
“The new malware samples [first identified in early July] have been unreported and generally appear to have been created and deployed to targets following a toolset rebuild in response to the public reporting during the fourth quarter of 2018,” according to the analysis from AT&T’s Alien Labs division, released Wednesday and shared with Threatpost. “Based on compilation times, infrastructure build and use and public distribution of samples, we assess the activity continues to operate successfully as of this report.”