Iranian APT Lures Defense Contractor in Catfishing-Malware Scam
Quote: Most people have probably heard of catfishing. That’s when someone adopts a fake online persona, usually to trick someone into falling in love. Now, threat actors have developed their own spin on the grift, developing appealing — objectively hot — profiles to charm victims into downloading malware.
 
In a new report, Proofpoint details how the group TA456, associated with the Iranian Revolutionary Guard, invested years in developing the false profile of a fantasy woman named Marcella Flores, an impossibly shiny-haired aerobics instructor from the U.K., to rein in unsuspecting targets.
 
The first signs of Marcella on social media started in 2018, according to Proofpoint’s analysis. Starting about eight months ago, Proofpoint found TA456 used the Marcella Flores profile to slowly build a relationship with someone who worked for a subsidiary of an aerospace defense contractor in the U.S. Over the months, Marcella shared many emails, pictures and even a video to build trust.
 
It wasn’t until early June that the attackers sent an email from Marcella Flores with the malware, the report added.
 
“Designed to conduct reconnaissance on the target’s machine, the macro-laden document contained personalized content and demonstrated the importance TA456 placed on the target,” Proofpoint’s report said, adding the malware is a new iteration of the Liderc malware, which Proofpoint calls Lempo.


Read more: Iranian APT Lures Defense Contractor in Catfishing-Malware Scam | Threatpost