Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like Cobalt Strike and AdaptixC2 , and a remote access trojan known as PureHVNC RAT.

"CountLoader is being used either as part of an Initial Access Broker's (IAB) toolset or by a ransomware affiliate with ties to the LockBit, Black Basta, and Qilin ransomware groups," Silent Push said in an analysis.

Appearing in three different versions – .NET, PowerShell, and JavaScript – the emerging threat has been observed in a campaign targeting individuals in Ukraine using PDF-based phishing lures and impersonating the National Police of Ukraine.

It's worth noting that the PowerShell version of the malware was previously

See Full Page