New malware striking online gambling companies in China is delivered through a watering hole attack that deploys either Cobalt Strike beacons or a previously undocumented Python-based backdoor called BIOPASS RAT. The attack deceives gaming website visitors into downloading a malware loader camouflaged as a legitimate installer for popular-but-deprecated apps such as Adobe Flash Player or Microsoft Silverlight; the loader then acts as a conduit for fetching next-stage payloads. The malware is also notable for its focus on stealing private data from web browsers and instant messaging apps.
Source: https://thehackernews.com/2021/07/hackers-spread-biopass-malware-via.html