Crypto-stealing malware posing as a meeting app targets Web3 pros

December 6, 2024 at 10:45AM Cybercriminals have launched a campaign named “Meeten,” targeting Web3 professionals via fake video meetings that install crypto-stealing malware on Windows and Macs. The scheme uses sophisticated social engineering tactics to prompt users to download malicious software, compromising sensitive data, including cryptocurrency wallets and personal banking information.

More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader

December 6, 2024 at 03:48AM The More_eggs malware has expanded with new families: RevC2, an information-stealing backdoor, and Venom Loader, a customized malware loader. Both are deployed via VenomLNK. Their campaigns, observed from August to October 2024, demonstrate ongoing innovation in the malware-as-a-service sector despite previous arrests of key operators.

Microsoft: Another Chinese cyberspy crew targeting US critical orgs ‘as of yesterday’

December 5, 2024 at 08:13PM Microsoft’s threat intelligence team reports that the China-linked group Storm-0227 is targeting critical infrastructure and US government agencies, leveraging public security vulnerabilities and spear-phishing tactics. Active since January, they steal credentials and sensitive data, indicating significant and ongoing espionage efforts focused on US defense, telecommunications, and legal sectors.

New Android spyware found on phone seized by Russian FSB

December 5, 2024 at 12:18PM Russian programmer Kirill Parubets was detained by the FSB and found spyware installed on his phone after it was returned. Citizen Lab confirmed the malware impersonates a popular app and offers extensive permissions. The spyware appears related to the Monokle variant, with enhanced features for surveillance and data extraction.

BT Investigating Hack After Ransomware Group Claims Theft of Sensitive Data

December 5, 2024 at 05:55AM BT is investigating a ransomware attack by the Black Basta group, which claims to have stolen 500 GB of sensitive data. The group threatens to leak the data unless a ransom is paid. BT affirmed that only specific elements of its Conferencing platform were affected, and services remain operational.

Russian hackers hijack Pakistani hackers’ servers for their own attacks

December 5, 2024 at 03:48AM The Russian cyber-espionage group Turla is hijacking the infrastructure of Pakistani threat actor Storm-0156 to conduct covert attacks on compromised networks, particularly targeting Afghan and Indian government entities. This tactic, observed since late 2022, allows Turla to stealthily deploy malware while complicating attribution efforts.

ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan

December 5, 2024 at 03:30AM The China-linked group MirrorFace has launched a spear-phishing campaign targeting individuals in Japan since June 2024, delivering backdoors NOOPDOOR and ANEL. This marks the return of ANEL, previously used by APT10. The attacks leverage malicious OneDrive links and various infection vectors, focusing on national security and international relations themes.

Russian hackers hijack Pakistani hackers’ servers for their own attacks

December 4, 2024 at 12:11PM The Russian cyber-espionage group Turla is infiltrating the infrastructure of the Pakistani threat actor Storm-0156, using its compromised networks for covert attacks since late 2022. This strategy allows Turla to stealthily gather intelligence while complicating attribution efforts, leveraging previously breached targets, including Afghan governmental entities.

Researchers Uncover Backdoor in Solana’s Popular Web3.js npm Library

December 4, 2024 at 05:06AM Cybersecurity researchers have identified a software supply chain attack targeting the @solana/web3.js npm library, with malicious versions 1.95.6 and 1.95.7 designed to steal users’ private keys and drain cryptocurrency wallets. Affected users are advised to update their versions and potentially rotate their authority keys.

Cloudflare’s developer domains increasingly abused by threat actors

December 3, 2024 at 04:06PM Cybercriminals are increasingly abusing Cloudflare’s ‘pages.dev’ and ‘workers.dev’ for phishing and malicious activities, with Fortra reporting a 198% rise in phishing incidents on Cloudflare Pages and a 104% increase on Cloudflare Workers. This exploitation leverages Cloudflare’s trusted reputation, complicating detection and allowing efficient phishing campaigns.