
Hackers phish finance orgs using trojanized Minesweeper clone


Hackers are utilizing code from a Python clone of Microsoft’s venerable Minesweeper game to hide malicious scripts in attacks on European and US financial organizations.

Ukraine’s CSIRT-NBU and CERT-UA attribute the attacks to a threat actor tracked as ‘UAC-0188,’ who is using the legitimate code to hide Python scripts that download and install the SuperOps RMM.

SuperOps RMM is a legitimate remote management tool that gives remote actors direct access to the compromised systems.