{"id":11823,"date":"2026-04-03T07:03:27","date_gmt":"2026-04-03T07:03:27","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/04\/03\/researchers-uncover-mining-operation-html\/"},"modified":"2026-04-03T07:03:27","modified_gmt":"2026-04-03T07:03:27","slug":"researchers-uncover-mining-operation-html","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/04\/03\/researchers-uncover-mining-operation-html\/","title":{"rendered":"Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners"},"content":{"rendered":"<p>    Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>A\u00a0financially motivated operation\u00a0codenamed REF1695\u00a0has been\u00a0observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November\u00a02023.<br \/>\n&#8220;Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software registration,&#8221; Elastic<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><\/p>\n<p> \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/thehackernews.com\/2026\/04\/researchers-uncover-mining-operation.html\">Go to TheHackersNews<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners A\u00a0financially motivated operation\u00a0codenamed REF1695\u00a0has been\u00a0observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November\u00a02023. &#8220;Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[60],"tags":[76],"class_list":["post-11823","post","type-post","status-publish","format-standard","hentry","category-thehackersnews","tag-thehackersnews"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/11823"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=11823"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/11823\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=11823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=11823"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=11823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}