Massive AT&T data breach exposes call logs of 109 million customers

July 12, 2024 at 09:42AM AT&T experienced a major data breach, with threat actors stealing call logs for nearly all of its mobile customers, around 109 million in total. The breach occurred in April 2024, compromising call and text records for a specific period. Although no sensitive personal information was exposed, potential identity correlation is a concern. …

ViperSoftX variant spotted abusing .NET runtime to disguise data theft

July 10, 2024 at 02:28AM The ViperSoftX malware, identified in 2020, has now evolved to use .NET CLR to obfuscate its PowerShell commands, concealing them in AutoIt-generated scripts. This sophisticated malware targets professionals by infiltrating pirated eBooks and aims to steal system information and cryptocurrency. Trellix’s report provides detection details for this new variant. Key …

Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites

July 8, 2024 at 11:24AM Analysis of dark web malware logs reveals thousands of users accessing child sexual abuse material, shedding light on the potential for combating serious crimes. These info-stealers target various operating systems, harvesting sensitive data for illicit use. The information has been shared with law enforcement to aid in tracking child exploitation …

Infostealer malware logs used to identify child abuse website members

July 3, 2024 at 11:52AM Recorded Future’s Insikt Group identified thousands of pedophiles accessing child sexual abuse material (CSAM) using stolen credentials. By leveraging data from information-stealing malware, they tracked unique accounts to usernames on various platforms and shared the gathered information with law enforcement to unmask and arrest the individuals. This innovative use of …

Warning: Markopolo’s Scam Targeting Crypto Users via Fake Meeting Software

June 19, 2024 at 07:00AM A threat actor known as markopolo has been identified as being behind a large-scale cross-platform scam that uses social media to target digital currency users. The attack involves using a virtual meeting software, Vortax, to deliver malware. The article also highlights cybercriminals’ exploitation of cloud storage services to direct users to phishing landing …

Snowflake Breach Exposes 165 Customers’ Data in Ongoing Extortion Campaign

June 11, 2024 at 03:21AM As many as 165 Snowflake customers had their data potentially exposed in a campaign targeting data theft and extortion, identified as UNC5537 by Mandiant. The group is believed to operate under various aliases, targeting organizations worldwide and collaborating with a party based in Turkey. Snowflake is taking measures to enhance …

Arc browser’s Windows launch targeted by Google ads malvertising

May 25, 2024 at 07:33PM Cybercriminals capitalized on the release of the Arc web browser for Windows by launching a Google Ads malvertising campaign, tricking users into downloading trojanized installers that infect them with malware. The malicious ads led to typo-squatted domains, where users unknowingly downloaded malware through trojanized installers. Malwarebytes recommends caution and verification …

AI Voice Generator App Used to Drop Gipy Malware

May 24, 2024 at 01:29PM The Gipy campaign, discovered in 2023, uses an infostealer malware to target users in Germany, Russia, Spain, and Taiwan with phishing lures promising an AI voice changing application. Upon delivery, Gipy enables data theft, cryptocurrency mining, and installation of additional malware. Researchers found various malicious programs being delivered in the …

New SteganoAmor attacks use steganography to target 320 orgs globally

April 15, 2024 at 04:36PM TA558 hacking group’s “SteganoAmor” campaign uses steganography to conceal and deliver various malware tools, targeting hospitality and tourism organizations worldwide. The campaign involves sending malicious emails with document attachments exploiting a Microsoft Office vulnerability. This leads to the download of various malware families, including spyware, info-stealers, RATs, and downloaders. Over …

TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer

April 11, 2024 at 07:45AM TA547, a threat actor, has initiated an invoice-themed phishing campaign targeting German organizations with the Rhadamanthys information stealer. This marks the first instance of TA547 using Rhadamanthys, possibly with a language model-generated PowerShell script. The group has also evolved into an initial access broker for ransomware attacks, employing geofencing tricks …