New Unfurling Hemlock threat actor floods systems with malware

June 27, 2024 at 06:28PM Unfurling Hemlock, a threat actor, infects systems with a “malware cluster bomb” method, delivering various malware including information stealers, botnets, and backdoors. The attacks start with ‘WEXTRACT.EXE’ file execution and target multiple countries, with a focus on the United States. The group is likely based in Eastern Europe and sells …

‘Vortax’ Meeting Software Builds Elaborate Branding, Spreads Infostealers

June 20, 2024 at 12:01PM A widespread campaign is targeting cryptocurrency users through fake virtual meeting software, Vortax, delivering infostealing malware such as Rhadamanthys, Stealc, and Atomic. The threat actor “Markopolo” is linked to this campaign, posing as a legitimate software company but actually engaging in credential harvesting. This campaign highlights an increased focus on …

Cut & Paste Tactics Import Malware to Unwitting Victims

June 18, 2024 at 02:40PM Threat actors are using fake browser updates and error messages to trick users into pasting malicious PowerShell scripts, leading to malware infections. Researchers from Proofpoint identified two social engineering methods and observed the use of PowerShell in various campaigns, indicating a trend of creative attack chains. Mitigation includes user awareness …

Cylance clarifies data breach details, except where the data came from

June 11, 2024 at 12:39PM BlackBerry’s cybersecurity firm Cylance confirmed that the data being sold on the Dark Web doesn’t pose a threat to customers. They believe the information is related to marketing data before BlackBerry’s acquisition, and it came from an undisclosed third-party platform. Cylance also stated that their systems remain secure. The validity …

CoralRaider attacks use CDN cache to push info-stealer malware

April 23, 2024 at 05:34PM A financially motivated threat actor, known as CoralRaider, is conducting an ongoing malware campaign targeting systems in the U.S., U.K., Germany, and Japan. The group uses a content delivery network cache to distribute malware, including the info stealers LummaC2, Rhadamanthys, and Cryptbot. The attacks start with malicious Windows shortcut files delivered …

Web3 Game Developers Targeted in Crypto Theft Scheme

April 15, 2024 at 10:41AM A Russian threat actor is targeting game developers with fraudulent Web3 gaming projects, spreading infostealers on macOS and Windows. The goal is to defraud victims and steal cryptocurrency wallets. The campaign uses fake social media accounts and impersonates legitimate projects. The report recommends maintaining vigilance, providing training to recognize social engineering …

Vietnam-Based Hackers Steal Financial Data Across Asia with Malware

April 4, 2024 at 12:15PM A suspected Vietnamese threat actor named CoralRaider targets victims in Asian and Southeast Asian countries with malware to steal valuable data. They use RotBot, Quasar RAT, and XClient stealer to steal credentials, financial data, and social media accounts, primarily for monetization. The group also uses malvertising campaigns on Facebook to …

Here’s something else AI can do: expose bad infosec to give cyber-crims a toehold in your organization

March 7, 2024 at 01:35AM Group-IB’s annual High Tech Crime Trends report revealed 225,000 stolen ChatGPT stealer logs were found for sale on the dark web between January and October 2023, with a 36% increase in the number of logs from June to October. This poses significant security risks for businesses, as compromised logins expose …

Ransomware gangs are paying attention to infostealers, so why aren’t you?

February 29, 2024 at 11:37AM Cybercriminals are increasingly using infostealers to acquire online account passwords and sensitive data, gaining access to organizations’ IT environments in order to deploy ransomware. Notorious ransomware gangs such as LockBit and Trickbot/Conti are interested in obtaining and using infostealers, while the market for stolen credentials gathered by this malware has surged. …

MacOS info-stealers quickly evolve to evade XProtect detection

January 16, 2024 at 04:34PM The macOS platform faces persistent challenges with information stealers evading detection, as highlighted in a report by SentinelOne that presents three malware examples circumventing XProtect. KeySteal, Atomic Stealer, and CherryPie showcase the ability of malware to evolve and avoid detection, emphasizing the need for advanced security measures beyond static detection. …