Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

Proofpoint reported a targeted phishing campaign (May–Aug 2024) against North American transportation and logistics firms that leverages compromised corporate email accounts to inject malicious content into legitimate threads and deliver a range of information stealers and RATs. The actors used .URL attachments and Google Drive links that fetch payloads over SMB, and later adopted a ClickFix-style Base64 PowerShell prompt to deploy DanaBot and other malware, indicating researched, sector-specific social engineering and evolving infrastructure.