A certification authority (CA) official website was harboring #malware and facilitated downloads of a backdoored client to users. Attackers clearly intended to spread malware to users in Mongolia by compromising a trustworthy source, which in this case is a CA in Mongolia

https://decoded.avast.io/luigicamastra/backdoored-client-from-mongolian-ca-monpass/