22,000 IPs Taken Down in Global Cybercrime Crackdown

November 6, 2024 at 08:13AM Law enforcement successfully dismantled over 22,000 malicious IP addresses in an operation targeting phishing, infostealers, and ransomware activities. The crackdown represents a significant step in combating global cybercrime. **Meeting Takeaways:** 1. **Operation Overview**: A significant law enforcement operation targeted cybercrime activities. 2. **Malicious IPs**: Over 22,000 malicious IP addresses were …

Dutch cops pwn the Redline and Meta infostealers, leak ‘VIP’ aliases

October 28, 2024 at 08:10AM Dutch police have dismantled the servers of the Redline and Meta infostealers as part of Operation Magnus. They gained access to significant data, including user credentials, and collaborated with international law enforcement. Although disruptive, the impact on cybercrime may be limited, as replacements for the malware are expected. Meeting …

Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign

October 18, 2024 at 07:00AM Threat actors are using fake Google Meet pages in the ClickFix malware campaign to deliver infostealers for Windows and macOS. Users are tricked into executing malicious PowerShell commands through deceptive error messages. The campaign is linked to two groups, raising concerns about unknown cybercrime services facilitating these operations. Meeting …

Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines

October 8, 2024 at 01:15PM Users searching for game cheats are lured into downloading Lua-based malware, with a focus on gaming engine supplements. The malware establishes persistence on infected systems, delivering additional payloads. Techniques include GitHub exploitation, targeting gaming communities worldwide. Researchers emphasize a shift to obfuscated Lua scripts as a means of evading detection. …

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA

September 30, 2024 at 08:30AM Attackers are increasingly using session hijacking to bypass MFA. Microsoft detected 147,000 token replay attacks in 2023, a 111% increase year over year. Modern session hijacking targets cloud-based apps, seeking to steal session material and bypass MFA. Phishing toolkits like AitM and BitM, as well as infostealers, are used to hijack sessions. …

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware

August 16, 2024 at 09:33AM Cybersecurity researchers have identified a complex information theft campaign, “Tusk,” conducted by Russian-speaking cybercriminals. The campaign leverages legitimate brands to distribute malware like DanaBot and StealC through phishing tactics and social engineering. The sophisticated threat actors mimic well-known projects, employing multistage malware delivery methods, highlighting their advanced capabilities in deceiving …

Over 3,000 GitHub accounts used by malware distribution service

July 24, 2024 at 06:01PM Stargazer Goblin operates a malware Distribution-as-a-Service on GitHub through a network named Stargazers Ghost Network. The group utilizes fake accounts and compromised sites to distribute password-protected archives containing malware, leading to successful phishing attacks. The operation has generated over $100,000 and continues despite the takedown of some repositories. Users visiting …

New Unfurling Hemlock threat actor floods systems with malware

June 27, 2024 at 06:28PM Unfurling Hemlock, a threat actor, infects systems with a “malware cluster bomb” method, delivering various malware including information stealers, botnets, and backdoors. The attacks start with ‘WEXTRACT.EXE’ file execution and target multiple countries, with a focus on the United States. The group is likely based in Eastern Europe and sells …

‘Vortax’ Meeting Software Builds Elaborate Branding, Spreads Infostealers

June 20, 2024 at 12:01PM A widespread campaign is targeting cryptocurrency users through fake virtual meeting software, Vortax, delivering infostealing malware such as Rhadamanthys, Stealc, and Atomic. The threat actor “Markopolo” is linked to this campaign, posing as a legitimate software company but actually engaging in credential harvesting. This campaign highlights an increased focus on …

Cut & Paste Tactics Import Malware to Unwitting Victims

June 18, 2024 at 02:40PM Threat actors are using fake browser updates and error messages to trick users into pasting malicious PowerShell scripts, leading to malware infections. Researchers from Proofpoint identified two social engineering methods and observed the use of PowerShell in various campaigns, indicating a trend of creative attack chains. Mitigation includes user awareness …