Infostealer malware logs used to identify child abuse website members

July 3, 2024 at 11:52AM Recorded Future’s Insikt Group identified thousands of pedophiles accessing child sexual abuse material (CSAM) using stolen credentials. By leveraging data from information-stealing malware, they tracked unique accounts to usernames on various platforms and shared the gathered information with law enforcement to unmask and arrest the individuals. This innovative use of …

Warning: Markopolo’s Scam Targeting Crypto Users via Fake Meeting Software

June 19, 2024 at 07:00AM A threat actor known as markopolo has been identified as being behind a large-scale cross-platform scam targeting digital currency users using social media. The attack involves using virtual meeting software, Vortax, to deliver malware. The article also highlights cybercriminals’ exploitation of cloud storage services to direct users to phishing landing …

Snowflake Breach Exposes 165 Customers’ Data in Ongoing Extortion Campaign

June 11, 2024 at 03:21AM As many as 165 Snowflake customers had their data potentially exposed in a campaign targeting data theft and extortion, identified as UNC5537 by Mandiant. The group is believed to operate under various aliases, targeting organizations worldwide and collaborating with a party based in Turkey. Snowflake is taking measures to enhance …

Arc browser’s Windows launch targeted by Google ads malvertising

May 25, 2024 at 07:33PM Cybercriminals capitalized on the release of the Arc web browser for Windows by launching a Google Ads malvertising campaign, tricking users into downloading trojanized installers that infect them with malware. The malicious ads led to typo-squatted domains, where users unknowingly downloaded malware through trojanized installers. Malwarebytes recommends caution and verification …

AI Voice Generator App Used to Drop Gipy Malware

May 24, 2024 at 01:29PM The Gipy campaign, discovered in 2023, uses infostealer malware to target users in Germany, Russia, Spain, and Taiwan with phishing lures promising an AI voice-changing application. Upon delivery, Gipy enables data theft, cryptocurrency mining, and installation of additional malware. Researchers found various malicious programs being delivered in the …

New SteganoAmor attacks use steganography to target 320 orgs globally

April 15, 2024 at 04:36PM TA558 hacking group’s “SteganoAmor” campaign uses steganography to conceal and deliver various malware tools, targeting hospitality and tourism organizations worldwide. The campaign involves sending malicious emails with document attachments exploiting a Microsoft Office vulnerability. This leads to the download of various malware families, including spyware, info-stealers, RATs, and downloaders. Over …

TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer

April 11, 2024 at 07:45AM TA547, a threat actor, has initiated an invoice-themed phishing campaign targeting German organizations with the Rhadamanthys information stealer. This marks the first instance of TA547 using Rhadamanthys, possibly with a language model-generated PowerShell script. The group has also evolved into an initial access broker for ransomware attacks, employing geofencing tricks …

Malicious PowerShell script pushing malware looks AI-written

April 10, 2024 at 12:19PM Adversaries are utilizing AI-generated PowerShell scripts, likely produced using OpenAI’s ChatGPT, Google’s Gemini, or Microsoft’s Copilot, to execute attacks such as the distribution of the Rhadamanthys information stealer. This marks a concerning trend of threat actors applying AI for malicious activities, prompting concerns about the potential impact on cybersecurity and …

Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware

March 30, 2024 at 03:45AM Malicious ads and bogus websites are enabling the delivery of two different stealer malware families targeting Apple macOS users. These attacks aim to steal sensitive data, with one attack leveraging counterfeit websites and the other exploiting a phony software offer. The development indicates an increasing threat to macOS environments from stealer …

Activision: Enable 2FA to secure accounts recently stolen by malware

March 29, 2024 at 04:32PM A large infostealer malware campaign targets gaming communities, including cheat users, collecting millions of logins from various gaming websites. The Phantom Overlay developer discovered a database with gaming-related accounts, estimating several million affected gamers. Activision Blizzard advises 2FA to secure compromised accounts. The company’s servers remain secure and uncompromised amidst the …