TookPS distributed under the guise of UltraViewer, AutoCAD, and Ableton
April 3, 2025, 6:31 p.m.
Description
A malware campaign is distributing the TookPS downloader under the guise of popular software such as UltraViewer, AutoCAD, SketchUp, Ableton, and Quicken. Once installed, the malware establishes an SSH tunnel for remote access and deploys additional payloads, including the TeviRat and Lapmon backdoors, through which the attackers gain full control of the compromised system. The campaign targets both individuals and organizations and relies on domains registered in early 2024. Users are advised not to download pirated software; organizations should enforce strict security policies and conduct regular awareness training.
Tags
Date
- Created: April 3, 2025, 3:03 p.m.
- Published: April 3, 2025, 3:03 p.m.
- Modified: April 3, 2025, 6:31 p.m.
Indicators
- 99bdf65cd25e4c9accfa75df21137f503a0460f46f9c606f9732f26546238e9d
- 62c78826159ab95695740cf00c1a48b7365048a8db6556fe6b272dcd1796c1d6
- 435f44f8a3d5cc03d6a95d5295dc8a7ecf44ade26add5c9ac1f47f8a609a36dd
- 3e3e34d158db5a552483e76bb895b9d6e275b8c2c41058f87e0462e2b9a4b842
- 88.119.175.190
- 88.119.175.184
- 88.119.175.187
- ultraviewer.icu
- ultraview-ramotepc.top
- twomg.xyz
- tukeps2ld.online
- sketchup-i3dmodels-download.top
- pstuk.xyz
- polysoft.org
- inreport2.xyz
- inrep.xyz
- autocad-cracked.com
Additional Information
- tuntun2.digital
- tu02n.website
- downloader.monster
- download.monster
- bsrecov4.digital
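The indicators above mix three types (SHA-256 hashes, IPv4 addresses, domains), and the domains are lookalikes of legitimate products, so a naive exact-match sweep misses both subdomains of the attacker infrastructure and mixed-case hash fields. The following is an added example, not code from the original advisory or from the researchers behind it: it classifies the page's indicator list by type and then sweeps a few constructed log lines (the `key=value` log format, the hostnames, the client IPs and the file name are all assumptions made for illustration) against them, matching a queried host when it equals or is a subdomain of a listed domain while leaving the genuine vendor site unmatched.

```python
"""Classify the TookPS indicators listed on this page and sweep constructed
DNS / proxy / EDR log lines against them.

Added example, not part of the original advisory.  The indicator values are
copied from the page; the log lines and their key=value format are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Indicators copied verbatim from the page ("Indicators" and "Additional Information")
RAW_INDICATORS = """
99bdf65cd25e4c9accfa75df21137f503a0460f46f9c606f9732f26546238e9d
62c78826159ab95695740cf00c1a48b7365048a8db6556fe6b272dcd1796c1d6
435f44f8a3d5cc03d6a95d5295dc8a7ecf44ade26add5c9ac1f47f8a609a36dd
3e3e34d158db5a552483e76bb895b9d6e275b8c2c41058f87e0462e2b9a4b842
88.119.175.190
88.119.175.184
88.119.175.187
ultraviewer.icu
ultraview-ramotepc.top
twomg.xyz
tukeps2ld.online
sketchup-i3dmodels-download.top
pstuk.xyz
polysoft.org
inreport2.xyz
inrep.xyz
autocad-cracked.com
tuntun2.digital
tu02n.website
downloader.monster
download.monster
bsrecov4.digital
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


@dataclass
class IOCSet:
    hashes: Set[str] = field(default_factory=set)
    ips: Set[str] = field(default_factory=set)
    domains: Set[str] = field(default_factory=set)


def classify(raw: str) -> IOCSet:
    """Sort one indicator per line into hashes, IPs and domains (normalised to lowercase)."""
    iocs = IOCSet()
    for line in raw.splitlines():
        value = line.strip().lower().rstrip(".")
        if not value:
            continue
        if SHA256_RE.match(value):
            iocs.hashes.add(value)
            continue
        try:
            iocs.ips.add(str(ipaddress.ip_address(value)))
            continue
        except ValueError:
            pass
        if DOMAIN_RE.match(value):
            iocs.domains.add(value)
        else:
            raise ValueError(f"unrecognised indicator: {value!r}")
    return iocs


def domain_hit(host: str, domains: Set[str]) -> Optional[str]:
    """Return the listed domain that `host` equals or is a subdomain of, else None.
    The bare TLD is never tried, so 'example.top' cannot match on 'top' alone."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


# Constructed sample lines in an assumed key=value format (not real telemetry)
SAMPLE_LOGS = [
    "2025-04-03T10:12:01Z dns client=10.0.0.23 query=cdn.ultraviewer.icu type=A",
    "2025-04-03T10:12:02Z dns client=10.0.0.23 query=www.ultraviewer.com type=A",
    "2025-04-03T10:12:05Z proxy client=10.0.0.23 dst=88.119.175.190:443 host=tukeps2ld.online",
    "2025-04-03T10:13:11Z edr host=WS-23 file=AutoCAD_setup.exe sha256=99BDF65CD25E4C9ACCFA75DF21137F503A0460F46F9C606F9732F26546238E9D",
    "2025-04-03T10:14:00Z proxy client=10.0.0.41 dst=93.184.216.34:443 host=example.com",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def sweep(lines: List[str], iocs: IOCSet) -> List[Tuple[str, str, str]]:
    """Return (line, indicator_type, matched_value) for every indicator match."""
    hits = []
    for line in lines:
        fields = dict(KV_RE.findall(line))
        for key in ("query", "host"):           # DNS query name or HTTP Host header
            if key in fields:
                d = domain_hit(fields[key], iocs.domains)
                if d:
                    hits.append((line, "domain", d))
        if "dst" in fields:                     # strip the port before comparing
            ip = fields["dst"].rsplit(":", 1)[0]
            if ip in iocs.ips:
                hits.append((line, "ip", ip))
        if "sha256" in fields and fields["sha256"].lower() in iocs.hashes:
            hits.append((line, "sha256", fields["sha256"].lower()))
    return hits


if __name__ == "__main__":
    for line, kind, value in sweep(SAMPLE_LOGS, classify(RAW_INDICATORS)):
        print(f"[{kind}] {value}: {line}")
```

Note that `www.ultraviewer.com` produces no hit even though it shares a label with `ultraviewer.icu`: the suffix walk only matches whole registrable domains from the list, which is what keeps a typosquat sweep from flagging the legitimate vendor. The proxy line matches twice, once on the Host header and once on the destination IP, so either source alone would have surfaced it.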