An increasing number of threat actors are using a free-to-use browser automation framework as part of their attack campaigns. The framework allows users to create applications with a browser, HTTP client, email client and other libraries. It was identified during general research by F5 Labs into credential stuffing attacks – and also in research by NTT into the toolkit used by GRIM SPIDER. The tool’s capabilities include browser emulation, mimicking human behavior – keyboard and mouse support, a mailbox search feature and the ability to load data from file/URL/string.”]
Source: https://www.cuinfosecurity.com/threat-actors-exploiting-free-browser-automation-framework-a-19157