Skip to content
Acknowledgments: Special thanks to Lindon Wass and Michael Elford for their contributions to this research and blog. Background Early in the morning on Sunday, the 22 March, what appeared to be standard adware started triggering alerts across multiple environments managed by Huntress. The executables were using an update mechanism to conceal a multi-stage attack chain designed to systematically di...