The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market. The threat actor behind these operations abused Node.js to act as a platform for the backdoor, Extended Validation (EV) Code Signing for defense evasion, and possibly Google Colab to host search engine-optimized download sites.
