FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

May 11, 2024 at 03:45AM FIN7, a financially motivated threat actor, has used malicious Google ads to imitate reputable brands, such as AnyDesk and Google Meet, to spread the NetSupport RAT. The group has evolved from targeting point-of-sale systems to launching ransomware campaigns and has expanded its malware arsenal. This activity has prompted Microsoft to …

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

April 18, 2024 at 01:10AM A new malvertising campaign using Google Ads relies on multiple fake domains to distribute the backdoor “MadMxShell,” targeting users searching for IP scanning and IT management software. The Windows backdoor is distributed through JavaScript code and DLL side-loading, using DNS MX queries for command-and-control. The threat actor’s origins and motivations are currently …

Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files

April 10, 2024 at 09:45AM Cybersecurity researchers have detected a new Raspberry Robin campaign using malicious Windows Script Files to spread malware since March 2024. The campaign, historically spread through USB drives, has expanded to other initial infection methods, including social engineering and malvertising. The WSF files function as downloaders to retrieve the main DLL …

Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme

April 8, 2024 at 05:15AM A new phishing campaign targets Latin American users by sending a phishing email with a ZIP file attachment containing a malicious HTML file posing as an invoice. When the link in the HTML file is opened from a Mexican IP address, a CAPTCHA verification page opens, leading to a malicious …

Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors

April 2, 2024 at 01:51AM TA558, a threat actor targeting the Latin America region, has launched a large-scale phishing campaign to deploy Venom RAT. Primarily focusing on hotel, travel, trading, financial, manufacturing, industrial, and government sectors in multiple countries, it aims to harvest sensitive data and remotely control systems. Additionally, malvertising campaigns delivering malware are …

Threat Detection Report: Cloud Attacks Soar, Mac Threats and Malvertising Escalate

March 15, 2024 at 06:57AM Red Canary’s 2024 Threat Detection Report, based on the analysis of 60,000 threats and 216 petabytes of telemetry, highlights the rise of cloud account attacks, Mac malware, and the transformation of malvertising from adware to more dangerous malware. It emphasizes the increasing use of adversarial AI and the growing threats …

Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers

March 15, 2024 at 02:51AM Chinese users seeking legitimate software like Notepad++ and VNote on Baidu are targeted with malicious ads, distributing trojanized versions of the software and deploying Geacon. Malicious websites offer download links to these software versions, leading to different types of malware. The malvertising campaigns also distribute other malware like FakeBat via …

Hijacked subdomains of major brands used in massive spam campaign

February 27, 2024 at 09:29AM The “SubdoMailing” ad fraud campaign utilizes over 8,000 legitimate domains and 13,000 subdomains to send up to five million fraudulent emails daily. Notable brands like MSN, VMware, and eBay have been unknowingly involved, aiding in bypassing spam filters. The threat actors profit from ad views and scams, with Guardio Labs …

SubdoMailing campaign spams 5 million emails daily via 8k hijacked domains

February 26, 2024 at 11:01AM A massive ad fraud campaign, “SubdoMailing,” utilizes over 8,000 legitimate internet domains and 13,000 subdomains to send up to 5 million scam and malvertising emails daily, bypassing spam filters and leveraging trusted company domains. Notable companies affected include MSN, VMware, and eBay. The campaign generates revenue through fraudulent ad views …

Beware: Fake Facebook Job Ads Spreading ‘Ov3r_Stealer’ to Steal Crypto and Credentials

February 6, 2024 at 10:10AM Threat actors are using fake Facebook job ads to distribute a new Windows-based stealer malware, Ov3r_Stealer, designed to steal credentials and crypto wallets. The campaign’s end goal remains unknown, but the stolen information may be sold to other threat actors or used to distribute additional payloads, including ransomware. This tactic …