An unknown entity was recently found to be targeting cybersecurity researchers and developers with malware-laced versions of dnSpy, a popular debugger and .NET assembly editor.
Since dnSpy is no longer maintained, the creators created a GitHub repository to share the code. However, threat actors have created fake repositories that contain infected versions of the tool — and used a combination of search engine optimization and ad purchases to get malicious websites promoting their infected tool listed prominently in search results.
Acronis Cyber Protect uses advanced behavioral detection to recognize and stop malware, including that contained in these fake versions of dnSpy. At the same time, the included URL filter blocks access to known malicious domains, preventing users from reaching links like these in the first place.
