October 1, 2024 at 12:51PM The Rhadamanthys information stealer has incorporated AI for optical character recognition, enabling it to extract cryptocurrency wallet seed phrases from images and sell the sensitive information for $250 per month. Despite facing bans, the malicious software continues to evolve, releasing a new version in June 2024 with enhanced features to … Read more
August 27, 2024 at 01:30PM Pidgin messaging app removed the ScreenShareOTR plugin from its official third-party plugin list due to security concerns. The plugin was found to be used for installing keyloggers, information stealers, and malware commonly used to breach corporate networks. Based on the meeting notes, it seems that the Pidgin messaging app removed … Read more
August 23, 2024 at 12:18PM Cybersecurity researchers revealed a new dropper facilitating the distribution of information stealers and loaders on Windows systems. The dropper decrypts and executes a PowerShell-based downloader, known as PEAKLIGHT, which then fetches additional malware payloads. The attack chain begins with the distribution of Windows shortcut (LNK) files within ZIP archives disguised … Read more
July 1, 2024 at 06:00PM “Unfurling Hemlock,” a financially motivated Eastern European threat actor, is using a cluster bomb cyber tactic to distribute up to 10 unique malware files at a time on systems in the US, Germany, Russia, and other countries. The attacker distributes malware through nested compressed Microsoft Cabinet (CAB) files and has … Read more
June 10, 2024 at 05:48PM Mandiant’s investigation confirmed that recent account compromises at Snowflake were due to customers’ failure to implement multifactor authentication (MFA) and access control. Attackers systematically accessed accounts using stolen credentials obtained elsewhere. Compromised accounts’ data was extorted or sold on cybercrime forums. MFA implementation and stronger authentication methods are recommended to … Read more
April 24, 2024 at 09:15AM Cisco’s Talos security research unit warns of threat actor CoralRaider using information stealers to target users worldwide and harvest credentials and financial data. The threat actor, likely of Vietnamese origin, has been active since at least 2023 and has been targeting users with a combination of three information stealers—Cryptbot, LummaC2, … Read more
December 29, 2023 at 11:16AM Multiple malware families are exploiting an undocumented Google OAuth endpoint called “MultiLogin” to revive expired authentication cookies and infiltrate users’ accounts. This technique allows cybercriminals to gain unauthorized access to Google accounts, even after password resets or logouts. Despite being notified, Google has not responded to inquiries about this issue. … Read more
November 20, 2023 at 06:42AM The LummaC2 malware has added a new anti-sandbox technique that uses trigonometry to evade detection and steal valuable information from infected hosts. The malware also incorporates control flow flattening and can deliver additional payloads. It requires the use of a crypter to conceal itself and relies on trigonometry to detect … Read more
October 17, 2023 at 12:15PM Nation-state hacking groups are using Discord’s content delivery network (CDN) to target critical infrastructure. While Discord is currently mainly used by information stealers, a cybersecurity firm has found evidence of an artifact targeting Ukrainian critical infrastructure, indicating a potential emergence of APT malware campaigns on the platform. This introduces a … Read more