Long-Running Malware Campaign Uses Fake Installers To Deploy RATs, Monero Miners

Tue Apr 07 2026

Cryptocurrency

Cybercrime

Malware

Social Engineering

cyberpress.org

A financially motivated threat actor known as REF1695 has been running a long-term malware campaign since late 2023, using fake software installers to deploy remote access trojans and Monero miners. This operation leverages sophisticated evasion techniques and social engineering to infect systems and generate multiple streams of revenue quietly. Sophisticated Infection Chains and Evasion Tactics […] The post Long-Running Malware Campaign Uses Fake Installers To Deploy RATs, Monero Miners appeared first on Cyber Security News.