Cyware Feed _ 22 November 2022_ _ 0 Comments DEV-0569 Group Switches Tactics, Abuses Google Ads to Deliver Payloads DEV-0569 uses a malware downloader, BatLoader, that drops the next stage payloads (via PowerShell commands), including Royal ransomware and Cobalt Strike Beacon implant. Author QBot Uses DLL Hijacking, Abuses Control Panel Executable In a Fresh Attack Wave22 November 2022Analysis of Luna Moth Callback Phishing Campaign22 November 2022