Security experts at Zscaler discovered that threat actors are using hidden well-known directories of HTTPS sites to store and deliver malicious payloads. Threat actors are favoring a well-known hidden directory present on the HTTPS website for storing and distributing Shade ransomware and phishing pages. The Shade/Troldesh ransomware was the most common one with this approach, the Shade Ransomware was a common one. The attackers used a hidden directory in the HTTPS sites for storing the malware.”]
Source: https://securityaffairs.co/wordpress/83249/cyber-crime/https-sites-deliver-malware.html