Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

September 26, 2024 at 07:51AM French cybersecurity firm Sekoia discovered a long-running cyber espionage campaign, dubbed SilentSelfie, targeting Kurdish websites. The attacks aimed to steal sensitive information using a watering hole technique and various information-stealing frameworks. The campaign, of low sophistication, affected multiple Kurdish sites, indicating a new threat targeting the Kurdish community. The attackers’ …

Fake OnlyFans cybercrime tool infects hackers with malware

September 5, 2024 at 06:24AM Hackers are deceiving other hackers by distributing a fake OnlyFans tool that infects them with the Lumma stealer malware, an example of the blurred lines in cybercrime. Lumma is information-stealing malware with the capability to spread additional payloads and regain expired Google tokens. Veriti’s findings also uncover a broader operation targeting Disney+ …

Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

August 29, 2024 at 12:24PM Cybersecurity researchers discovered in-the-wild exploit campaigns, attributed to a Russian state-backed threat actor, that used already-patched flaws in Apple Safari and Google Chrome to infect mobile users with malware. The campaigns were observed between November 2023 and July 2024 and featured watering hole attacks on Mongolian government websites. N-day exploits were effectively …

Google ads push fake Google Authenticator site installing malware

July 31, 2024 at 01:48PM Google’s ad platform has been manipulated by threat actors to display fake Google Authenticator ads, distributing the DeerStealer malware. Malicious ads impersonate trusted sites, presenting a challenge for detection. Despite efforts to block malicious advertisers, threat actors continue to evade detection through URL cloaking. Clicking on the ads leads to …

‘Stargazer Goblin’ Creates 3,000 Fake GitHub Accounts for Malware Spread

July 29, 2024 at 03:42AM Stargazer Goblin operates a network of inauthentic GitHub accounts, distributing malware and earning $100,000 in illicit profits. The “Ghost” accounts engage in various activities to appear legitimate, making them resistant to takedowns. The scheme propagates malware families such as Atlantida Stealer and involves social engineering attacks, targeting GitHub repositories and …

Network of 3,000 GitHub Accounts Used for Malware Distribution

July 25, 2024 at 07:09AM A threat actor known as Stargazer Goblin has built a network of over 3,000 GitHub accounts to distribute malware and perform malicious activities. Operating since August 2022, the network has earned over $100,000. The accounts, collectively named Stargazers Ghost Network, distribute information-stealing malware and use various tactics to evade detection …

GitHub comments abused to push malware via Microsoft repo URLs

April 20, 2024 at 05:07PM Threat actors are exploiting a GitHub flaw to distribute malware through URLs connected to a Microsoft repository, giving the files an appearance of legitimacy. This vulnerability can be abused with any public repository on GitHub, allowing for convincing lures. Despite attempts by McAfee and others to address this issue, the …

New Jupyter Infostealer Version Emerges with Sophisticated Stealth Tactics

November 6, 2023 at 01:00PM An updated version of the Jupyter information-stealing malware has resurfaced with new tactics to establish a persistent presence on compromised systems. The malware leverages PowerShell command modifications and private-key signatures to pass itself off as a legitimately signed file. It utilizes manipulated search engine optimization and malvertising to trick …

SpyNote Android malware spreads via fake volcano eruption alerts

October 17, 2023 at 11:54AM The Android ‘SpyNote’ malware was recently observed in attacks in Italy. The malware disguised itself as a fake ‘IT-alert’ public alert service, infecting visitors with an app that has information-stealing capabilities. The malware is distributed through a website that mimics the real IT-alert site, urging users to install the app for updates on an …

Beware: Lumma Stealer Distributed via Discord CDN

October 16, 2023 at 04:37AM Discord’s content delivery network (CDN) is being exploited by threat actors to distribute the Lumma Stealer malware, which steals user credentials. The malware is spread through direct messages that offer victims a Discord Nitro boost in exchange for assistance and prompt them to download a file. Lumma Stealer can steal cryptocurrency wallets …