‘Pig butchering’ trading apps found on Google Play, App Store

October 3, 2024 at 03:37PM Fake trading apps on Google Play and Apple’s App Store, known as “UniShadowTrade” malware, have been removed after attracting thousands of downloads. These apps perpetrate “pig butchering” scams, enticing victims with fake investment returns. Once funds are deposited, fraudsters prevent withdrawals, eventually absconding with the money. The threat has now …

Police dismantles phone unlocking ring linked to 483,000 victims

September 19, 2024 at 12:00PM An international law enforcement operation known as “Operation Kaerb” dismantled a criminal network using the iServer phishing platform to unlock stolen mobile phones, affecting 483,000 victims globally. Coordinated by Europol and Group-IB, the operation led to 17 arrests and the seizure of 921 items. This marked the first collaboration between …

New APT Group ‘Lotus Bane’ Behind Recent Attacks on Vietnam’s Financial Entities

March 6, 2024 at 02:15AM A new cyber attack targeting a financial entity in Vietnam was linked to Lotus Bane, an advanced persistent threat group with methods overlapping those of OceanLotus. This suggests possible connections with or inspirations from OceanLotus, though the different target industries indicate potential differences. Financial organizations worldwide have been targeted by …

New ‘Gold Pickaxe’ Android, iOS malware steals your face for fraud

February 15, 2024 at 04:34AM ‘Gold Pickaxe’ is a new iOS and Android trojan employing social engineering to trick victims into providing their faces and ID documents. Developed by the ‘GoldFactory’ Chinese threat group, it’s part of a suite of malware and targets Asia-Pacific. It uses fraudulent apps and webpages to capture sensitive information and …

Hackers steal data of 2 million in SQL injection, XSS attacks

February 6, 2024 at 10:11AM The ‘ResumeLooters’ threat group has compromised 65 job listing and retail sites using SQL injection and XSS attacks, stealing personal data from over two million job seekers primarily in the APAC region. They employ various tools for penetration testing, such as SQLmap and Acunetix, to exploit security weaknesses and inject …

Police Warn Hundreds of Online Merchants of Skimmer Infections

December 27, 2023 at 08:42AM Europol and 17 countries collaborated to notify over 400 online merchants of digital skimmer infections. The operation, led by Greece, also identified two dozen new skimmers. This type of malware, also known as JavaScript-sniffers, is injected into legitimate websites to pilfer personal and card information. Such digital skimming may go undetected for …

Cyber sleuths reveal how they infiltrate the biggest ransomware gangs

December 22, 2023 at 11:03AM When AlphV/BlackCat’s website went down, it sparked excitement among cybersecurity defenders who believed law enforcement had busted the cyber criminal crew. Though the website is now back, skepticism remains about its explanation for the outage. Singapore-based Group-IB’s 20th anniversary was celebrated with insights into infiltrating ransomware groups, shedding light on …

New ‘GambleForce’ Threat Actor Behind String of SQL Injection Attacks

December 14, 2023 at 05:20PM Group-IB has detected a new threat group, “GambleForce,” engaged in SQL injection attacks on organizations in the Asia-Pacific region. This group has targeted various sectors, including gambling, government, retail, travel, and job websites, using publicly available penetration-testing tools. The threat actor’s activities have led to data breaches in multiple organizations, …

New Threat Actor Uses SQL Injection Attacks to Steal Data From APAC Companies

December 14, 2023 at 11:18AM Group-IB reports a new hacking group, GambleForce, targeting 24 organizations in Asia-Pacific using SQL injections and CMS vulnerabilities to steal sensitive information. The group relies on open source tools and has successfully exfiltrated data from organizations in Australia, Indonesia, the Philippines, and South Korea. GambleForce’s C&C has been taken down …

New Hacker Group ‘GambleForce’ Targeting APAC Firms Using SQL Injection Attacks

December 14, 2023 at 02:18AM From September 2023, hacker group GambleForce conducted SQL injection attacks in APAC, targeting 24 organizations in gambling, government, retail, and travel sectors. They used tools like dirsearch, sqlmap, and Cobalt Strike, and exploited a Joomla CMS flaw. Group-IB discovered and took down the group’s C2 server and notified the victims. …