Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
02 April 2026
A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023.
"Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software registration," Elastic