Jérôme Segura

#Malvertising pushing fake WinSCP installer.

wincspone[.]com
wincsp[.]pro

Payload is Redline Stealer with C2: 95.217.39.93:32312 via embedded PowerShell

https://www.virustotal.com/gui/file/847445db14dc0c691db65fc9cb7a7ecd8bbdeb5ab800625b1d881bcf3e505362?nocache=1

VirusTotal

VirusTotal

May 19, 2023 at 9:28pmWeb