Proofpoint has identified two new cybercriminal threat actors, TA2726 and TA2727, involved in web inject campaigns, while also uncovering new malware targeting MacOS users.
The landscape of malicious website injects is marked by multiple threat actors using malware delivery methods that often involve three components: malicious JavaScript scripts served to website visitors, a traffic distribution service determining the delivery payload, and the ultimate payload downloaded by the script.
Despite a history of notable web inject campaigns from the actor TA569, new actors have emerged, complicating the tracking process for analysts.
Beginning in 2023, Proofpoint observed multiple threat actors employing similar web inject and traffic redirection techniques. The…