TinyNuke info-stealing malware is again attacking French users (December 2021)
The info-stealing malware TinyNuke has re-emerged in a new campaign targeting French users with invoice-themed lures in emails sent to corporate addresses and individuals working in manufacturing, technology, construction, and business services.
The TinyNuke malware activity first appeared in 2017, culminated in 2018, then dropped significantly in 2019, and almost faded out of existence in 2020.
This could also indicate that the malware is used by two different actors, one associated with the initial TinyNuke actors and one linked to actors who typically use commodity tools.
The actor compromises legitimate French websites to host the payload URL, while the executables are masked as innocuous software.
"According to information sharing partners and open-source information, the actors previously used that string in C2 communications in previous campaigns since 2018," explains Proofpoint's report.
These ZIP files contain a JavaScript file that will execute PowerShell commands to download and execute the TinyNuke malware.
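A mail-gateway style triage for the delivery chain described above (a ZIP carrying a JavaScript file that hands off to PowerShell), as an added example that is not from Proofpoint's report or the original page. The extension list, the PowerShell token pattern, the function names and the sample archive are all assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Extensions Windows Script Host or mshta will run (assumed triage list).
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")
# Tokens suggesting the script hands off to PowerShell (assumed heuristic).
POWERSHELL_RE = re.compile(rb"powershell(\.exe)?|pwsh", re.IGNORECASE)
MAX_READ = 1024 * 1024  # cap bytes read per entry to bound work on zip bombs

def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per script entry found in a ZIP attachment."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"name": None, "reason": "not a valid ZIP", "powershell": False}]
    with archive:
        for info in archive.infolist():
            name = info.filename
            if info.is_dir() or not name.lower().endswith(SCRIPT_EXTS):
                continue
            if info.flag_bits & 0x1:  # encrypted entry: content cannot be inspected
                findings.append({"name": name, "reason": "encrypted script", "powershell": False})
                continue
            with archive.open(info) as fh:
                body = fh.read(MAX_READ)
            # Scripts may be UTF-16 encoded; strip NULs so ASCII tokens still match.
            body = body.replace(b"\x00", b"")
            hit = bool(POWERSHELL_RE.search(body))
            findings.append({"name": name,
                             "reason": "script launches PowerShell" if hit else "script in archive",
                             "powershell": hit})
    return findings

def build_sample() -> bytes:
    """Constructed sample: invoice-themed ZIP with an inert JS stub and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Facture-0001.js",
                   'var sh = new ActiveXObject("WScript.Shell");\n'
                   'sh.Run("PowerShell.exe -File placeholder.ps1");\n')
        z.writestr("readme.txt", "powershell is mentioned here but this is not a script")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

Only script-type entries are reported, so the text file that merely mentions PowerShell is ignored; encrypted entries are flagged separately because their content cannot be read.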