Fake AI editor ads on Facebook push password-stealing malware

August 2, 2024 at 02:37PM A malvertising campaign on Facebook targets users seeking AI image editing tools, deceiving them into installing fake apps that mimic genuine software and stealing their credentials. Based on the meeting notes, it appears that a malicious advertising campaign on Facebook is specifically targeting users who are searching for AI image …

Attackers Hijack Facebook Pages, Promote Malicious AI Photo Editor

August 1, 2024 at 03:03PM Attackers are using hijacked Facebook pages to lure victims into downloading a seemingly legitimate AI photo editor, but ultimately serving up a widely distributed infostealer, the Lumma stealer, to steal user credentials and sensitive information. The malvertising campaign exploits AI’s popularity and various tactics to deliver malware, with phishing being …

Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft

August 1, 2024 at 05:15AM A malvertising campaign targeting social media pages was discovered, with threat actors utilizing fake AI photo editor websites to execute credential theft. By hijacking and renaming social media pages to mimic legitimate AI photo editors, the threat actors post malicious links to phishing websites. These websites prompt users for their …

Facebook Ads Lead to Fake Websites Stealing Credit Card Information

August 1, 2024 at 03:12AM Facebook users are being targeted by a scam e-commerce network using fake websites to steal personal and financial data through malvertising. The campaign, known as ERIAKOS, targets mobile users with ad lures on Facebook, impersonating well-known brands. Similar criminal networks have been identified, indicating a growing trend in online fraud …

Google ads push fake Google Authenticator site installing malware

July 31, 2024 at 01:48PM Google’s ad platform has been manipulated by threat actors to display fake Google Authenticator ads, distributing the DeerStealer malware. Malicious ads impersonate trusted sites, presenting a challenge for detection. Despite efforts to block malicious advertisers, threat actors continue to evade detection through URL cloaking. Clicking on the ads leads to …

Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers

July 24, 2024 at 03:04AM A Microsoft Defender SmartScreen security flaw, CVE-2024-21412, was exploited in a campaign targeting Spain, Thailand, and the U.S. to deliver ACR Stealer, Lumma, and Meduza. Attackers use booby-trapped files to drop malicious payloads, bypassing SmartScreen protection. This highlights the ongoing threat of information stealers and the need for vigilance in …

‘Konfety’ Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins

July 16, 2024 at 10:10AM A massive ad fraud operation named Konfety has been uncovered, using hundreds of Google Play Store apps to engage in malicious activities. The campaign exploits a mobile advertising SDK associated with a Russia-based ad network, deploying “evil twin” versions of legitimate apps to commit ad fraud, monitor web searches, and …

Oyster Backdoor Spreading via Trojanized Popular Software Downloads

June 21, 2024 at 06:15AM A malvertising campaign is using fake websites to distribute backdoor malware disguised as popular software like Google Chrome and Microsoft Teams. The malware, called Oyster, can gather information, communicate with a command-and-control address, and execute remote code. This coincides with the emergence of a new phishing platform called ONNX Store. …

Fake Antivirus Websites Deliver Malware to Android and Windows Devices

May 24, 2024 at 09:51AM Threat actors are using fake websites posing as legitimate antivirus solutions like Avast, Bitdefender, and Malwarebytes to distribute malware targeting Android and Windows devices. The malware can steal sensitive information. The firms also observed a new Android banking trojan called Antidot, posing as a Google Play update, to facilitate information …

Cyber Criminals Exploit GitHub and FileZilla to Deliver Cocktail Malware

May 20, 2024 at 06:54AM A recent malvertising and cryptocurrency-related campaign uses legitimate services like GitHub and FileZilla to distribute various malware, targeting Android, macOS, and Windows. The campaign, attributed to Russian-speaking threat actors, involves multiple malware variants, including RedLine, Vidar, and DanaBot. This method increases the efficiency of attacks by abusing authentic internet services. …