Fake browser updates spread updated WarmCookie malware

October 2, 2024 at 02:28PM A new ‘FakeUpdate’ campaign attributed to the ‘SocGholish’ group and aimed at users in France uses compromised websites to display fake browser and application updates that deliver the WarmCookie backdoor. When a user clicks the fake update, the backdoor is installed and can then fetch further payloads such as info-stealers and ransomware. Gen Threat Labs observed the backdoor being distributed as fake Google Chrome … Read more

Red team tool ‘MacroPack’ abused in attacks to deploy Brute Ratel

September 4, 2024 at 06:06PM The MacroPack framework, built for Red Team exercises, is being abused by threat actors to deliver malicious payloads such as Havoc, Brute Ratel, and PhantomCore. Cisco Talos researchers found weaponized documents submitted from several countries, indicating widespread abuse. The attacks use advanced evasion techniques and represent a concerning trend. Ransomware … Read more

‘Voldemort’ Malware Curses Orgs Using Global Tax Authorities

August 30, 2024 at 01:13PM The “Voldemort” malware campaign impersonates tax authorities in Europe, Asia, and the US and targets organizations worldwide. It has hit dozens of organizations, with more than 20,000 phishing messages observed. The malware uses Google Sheets for command and control and is built for data exfiltration and for deploying additional payloads. Experts advise organizations to enhance … Read more

New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads

August 23, 2024 at 12:18PM Cybersecurity researchers have disclosed a new dropper used to distribute information stealers and loaders on Windows systems. The dropper decrypts and executes a PowerShell-based downloader, known as PEAKLIGHT, which then fetches additional malware payloads. The attack chain begins with Windows shortcut (LNK) files delivered inside ZIP archives disguised … Read more

Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware

August 2, 2024 at 03:24AM Cybersecurity experts have noted a rise in the abuse of Cloudflare’s free TryCloudflare service for distributing malware. Attackers use it to create one-time tunnels that relay traffic between an attacker-controlled server and a local machine through Cloudflare’s network, giving the malware-hosting endpoint a throwaway trycloudflare.com hostname. The campaign, targeting organizations globally, uses phishing emails to deliver various malware, with a focus on financial … Read more

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script

July 30, 2024 at 03:24AM A new phishing campaign, dubbed OneDrive Pastejacking, targets Microsoft OneDrive users with social engineering to get them to execute a malicious PowerShell script. The lure mimics a OneDrive page and shows fake instructions for fixing a DNS error, which rely on the user pasting a command the page has already placed on the clipboard. The campaign has been observed in several countries, signaling a … Read more

Fake Google Chrome errors trick you into running malicious PowerShell scripts

June 17, 2024 at 06:35PM A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive error messages to trick users into running malicious PowerShell “fixes” that install malware. The campaign is linked to the threat actors behind ClearFake and ClickFix and to TA571, and employs tactics such as website overlays and HTML attachments to … Read more

Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors

May 30, 2024 at 11:16AM Fastly warns of ongoing exploitation of vulnerabilities in three WordPress plugins that allow attackers to inject malicious scripts and backdoors. The flaws permit unauthenticated stored cross-site scripting, which is being used to create new administrator accounts and steal credentials. The affected plugins have more than 600,000 installations combined, and the campaign originates from IPs linked to AS IP … Read more

New North Korean Threat Actor Engaging in Espionage, Revenue Generation Attacks

May 29, 2024 at 08:12AM Microsoft reports on a new North Korean threat actor, Moonstone Sleet, that targets the education, defense, and IT sectors for both espionage and revenue generation. The group combines the tactics of other North Korean actors with its own methods: it uses fake companies and job offers to approach targets, distributes trojanized tools, deploys custom ransomware, and engages … Read more

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users

May 21, 2024 at 11:05AM A new attack campaign, named CLOUD#REVERSER, uses Google Drive and Dropbox as staging for malicious activity. It starts with a phishing email carrying an executable disguised as an Excel file; a Unicode right-to-left override character in the filename hides the real extension from the user. The file drops multiple payloads that establish persistence on the host and download further PowerShell scripts to execute commands and fetch files from cloud … Read more
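The Unicode trick behind this kind of filename disguise is a right-to-left override (RLO, U+202E) inserted before the tail of the name, so that a string like "Invoice-2024fl" + RLO + "xslx.exe" is rendered as "Invoice-2024flexe.xlsx" while the OS still sees a .exe. The Python below is an added example, not code from the Securonix report or from the article summarized above; it flags bidi control characters in filenames, reconstructs the approximate rendered name, and reports the extension the OS actually dispatches on. The sample filenames are constructed for the demonstration and are not indicators from the campaign.

```python
"""Flag filenames that use Unicode bidi override characters to hide the
real extension (the right-to-left override trick).  Added example; the
sample names below are constructed, not indicators from any campaign."""
from dataclasses import dataclass, field
from typing import List

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE
PDF = "\u202c"  # POP DIRECTIONAL FORMATTING (ends an override)

# Bidi control characters that have no legitimate place in a filename.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}

# Extensions Windows executes directly when the file is double-clicked.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
    ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".msi", ".ps1",
}


@dataclass
class Finding:
    raw_name: str            # name as stored on disk or in the archive
    displayed_name: str      # what a bidi-aware file browser shows the user
    true_extension: str      # extension the OS actually acts on
    controls: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Any bidi control in a filename is abnormal; flag it outright.
        return bool(self.controls)

    @property
    def executable(self) -> bool:
        return self.true_extension in EXECUTABLE_EXTENSIONS


def displayed_form(name: str) -> str:
    """Approximate the rendered name: characters inside an RLO run are
    shown reversed until a PDF or the end of the string; the other bidi
    controls are invisible and are simply dropped."""
    out: List[str] = []
    run: List[str] = []
    in_override = False
    for ch in name:
        if ch == RLO:
            in_override = True
        elif ch == PDF and in_override:
            out.extend(reversed(run))
            run.clear()
            in_override = False
        elif ch in BIDI_CONTROLS:
            continue
        elif in_override:
            run.append(ch)
        else:
            out.append(ch)
    out.extend(reversed(run))
    return "".join(out)


def true_extension(name: str) -> str:
    """Extension after stripping controls: this is what the OS dispatches on."""
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    dot = clean.rfind(".")
    return clean[dot:].lower() if dot != -1 else ""


def inspect_filename(name: str) -> Finding:
    controls = [BIDI_CONTROLS[ch] for ch in name if ch in BIDI_CONTROLS]
    return Finding(name, displayed_form(name), true_extension(name), controls)


def scan(names: List[str]) -> List[Finding]:
    """Return a finding for every suspicious name in an attachment or ZIP listing."""
    return [f for f in (inspect_filename(n) for n in names) if f.suspicious]


if __name__ == "__main__":
    # Constructed sample listing: one benign file, one RLO-disguised executable.
    sample = ["Quarterly_Report.xlsx", "Invoice-2024fl" + RLO + "xslx.exe"]
    for f in scan(sample):
        print(f"{f.displayed_name!r} is really {f.true_extension} "
              f"(controls: {', '.join(f.controls)}; executable={f.executable})")
```

The rendering function is deliberately a rough model of the Unicode bidi algorithm, enough to show the analyst what the victim saw; the decision to flag rests on the presence of the control character and on the true extension, not on the rendered string. Running `scan` over the names in a mail attachment or a ZIP directory listing is a cheap gate in front of detonation or delivery.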