The installers, while containing the legitimate software, also carry malicious software that downloads malware like Cobalt Strike or similar. This allows the attackers to gain access to the victim’s endpoint and install second-stage malware, which could range from information stealers to ransomware.
