A new Dharma ransomware strain is using ESET AV Remover installations as a “smoke screen”” technique designed to distract victims while their files are encrypted in the background as detailed by Trend Micro. The ransomware is pushed by the attackers on their targets’ computers using a spam campaign which delivers email attachments containing a. Dharma dropper binary packed as a password-protected self-extracting. archive named Defender.exe and hosted on the hacked server of link[.]fivetier[.]com.”
Source: https://www.bleepingcomputer.com/news/security/dharma-ransomware-uses-legit-antivirus-tool-to-distract-victims/