CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

April 24, 2024 at 01:39AM A new malware campaign linked to the threat actor CoralRaider is distributing multiple information stealers via Content Delivery Network (CDN) cache domains. The campaign targets businesses in several countries, using phishing emails and booby-trapped links to deliver the malware. Its modular PowerShell loader script bypasses User Account Control (UAC) …

CoralRaider attacks use CDN cache to push info-stealer malware

April 23, 2024 at 05:34PM A financially motivated threat actor known as CoralRaider is running an ongoing malware campaign against systems in the U.S., U.K., Germany, and Japan. The group uses a CDN cache to distribute malware, including the LummaC2, Rhadamanthys, and Cryptbot information stealers. The attacks start with malicious Windows shortcut files delivered …

‘eXotic Visit’ Spyware Campaign Targets Android Users in India and Pakistan

April 10, 2024 at 10:34AM An Android malware campaign named eXotic Visit is targeting users in South Asia, particularly in India and Pakistan, through fake apps distributed on dedicated websites and the Google Play Store. The campaign uses the XploitSPY RAT to gather sensitive data; its purpose is espionage against victims in the region. The …

PyPI suspends new user registration to block malware campaign

March 28, 2024 at 02:04PM PyPI, the Python Package Index, has suspended new user registrations and new project creation because of an ongoing malware campaign. Threat actors are uploading fake packages to compromise developers; the latest report, from Checkmarx, identified 365 malicious entries carrying an info-stealer payload. This emphasizes the importance of rigorously verifying open-source …

Over 100 US and EU orgs targeted in StrelaStealer malware attacks

March 25, 2024 at 12:11PM The StrelaStealer malware has hit over 100 organizations in the U.S. and Europe, targeting email account credentials. Originally aimed at Spanish-speaking users, it now targets users in the U.S. and Europe. Its distribution through phishing campaigns has increased substantially, with evolved infection methods. The malware's primary goal remains stealing email login information and …

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others

March 25, 2024 at 08:51AM Unidentified adversaries carried out a sophisticated supply chain attack targeting individual developers and the GitHub organization account of Top.gg. The attack involved multiple tactics, including account takeover and malicious code insertion, and led to theft of sensitive data and distribution of trojanized software packages. The incident underscores the need for vigilance and thorough …

Massive Sign1 Campaign Infects 39,000+ WordPress Sites with Scam Redirects

March 22, 2024 at 08:33AM The Sign1 malware campaign has compromised 39,000 WordPress sites in six months, using malicious JavaScript injections to redirect visitors to scam sites; the most recent variant alone infected 2,500 sites in the last two months. The rogue JavaScript is injected into legitimate HTML widgets and plugins, with time-based randomization to …

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

March 18, 2024 at 08:45AM Cybersecurity researchers have discovered a new malware campaign that uses bogus Google Sites pages and HTML smuggling to distribute the AZORult information stealer. The campaign employs stealthy tactics to bypass security controls, and the findings reveal similar techniques used in recent phishing campaigns to disseminate other malware such as Agent …
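HTML smuggling, as used in the campaign above, keeps the payload inside the page itself (usually as a base64 string), decodes it in the browser and hands it to the user as a download through a Blob object URL or msSaveOrOpenBlob, so no executable ever crosses a web proxy as a recognisable file. The scanner below is an added example written for this page, not code from the researchers who reported the campaign; the indicator weights, the score thresholds and both sample pages (one smuggling page with a fake "MZ" payload, one legitimate atob() use) are my own assumptions, constructed to show how the decode-then-save chain is detected.

```python
"""Heuristic scanner for HTML smuggling pages.

HTML smuggling carries the payload inside the page itself (typically as a
base64 string), decodes it in the browser and hands it to the user as a
download via a Blob object URL or msSaveOrOpenBlob, so the executable never
crosses the network as a recognisable file. The scanner scores an HTML
document on that combination of traits and inspects any large base64 literal
for an executable or archive header. Both sample pages at the bottom are
constructed for this example; they are not taken from any real campaign.
"""
import base64
import binascii
import re

# Indicator regexes with (assumed) weights. Individually most are benign
# (atob() is everywhere); the chain decode -> Blob -> object URL -> click is not.
INDICATORS = {
    "atob":          (re.compile(r"\batob\s*\("), 1),
    "blob":          (re.compile(r"new\s+Blob\s*\("), 2),
    "object_url":    (re.compile(r"createObjectURL\s*\("), 2),
    "ms_save_blob":  (re.compile(r"msSaveOrOpenBlob\s*\("), 3),
    "download_attr": (re.compile(r"\.download\s*=|\bdownload\s*="), 1),
    "auto_click":    (re.compile(r"\.click\s*\(\s*\)"), 1),
    "octet_stream":  (re.compile(r"application/octet-stream"), 1),
}

# A quoted base64 run of at least 64 characters (long enough to skip short
# tokens such as CSRF values or JWT segments).
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{64,}={0,2})['\"]")

# Magic bytes that mark the decoded literal as an executable or archive.
MAGIC = [(b"MZ", "pe"), (b"PK\x03\x04", "zip"), (b"%PDF", "pdf"), (b"\x7fELF", "elf")]


def embedded_payload_types(html):
    """Decode every large base64 literal and classify it by magic bytes."""
    types = []
    for match in B64_LITERAL.finditer(html):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64 (e.g. a long identifier); ignore it
        kind = next((name for magic, name in MAGIC if raw.startswith(magic)), "unknown")
        types.append(kind)
    return types


def scan_html(html):
    """Return indicator hits, embedded payload types, a score and a verdict."""
    hits = [name for name, (regex, _) in INDICATORS.items() if regex.search(html)]
    score = sum(INDICATORS[name][1] for name in hits)
    payloads = embedded_payload_types(html)
    # An embedded executable/archive next to the decode-and-save chain is the
    # strongest signal; an unrecognised large blob still adds a little.
    if any(p in ("pe", "zip", "elf") for p in payloads):
        score += 3
    elif payloads:
        score += 1
    if score >= 5:
        verdict = "smuggling"
    elif score >= 3:
        verdict = "suspicious"
    else:
        verdict = "benign"
    return {"score": score, "indicators": hits, "payloads": payloads, "verdict": verdict}


# Constructed sample 1: the classic smuggling pattern with a fake PE payload
# (just an "MZ" header followed by NOP bytes; it is not a real executable).
FAKE_PE_B64 = base64.b64encode(b"MZ" + b"\x90" * 100).decode()

SMUGGLING_HTML = f"""<html><body>
<script>
  var b64 = '{FAKE_PE_B64}';
  var bytes = Uint8Array.from(atob(b64), function (c) {{ return c.charCodeAt(0); }});
  var blob = new Blob([bytes], {{type: 'application/octet-stream'}});
  var a = document.createElement('a');
  a.href = URL.createObjectURL(blob);
  a.download = 'invoice.exe';
  a.click();
</script></body></html>"""

# Constructed sample 2: a legitimate atob() use (decoding a JWT claim set).
BENIGN_HTML = """<html><body>
<script>
  var claims = JSON.parse(atob(sessionToken.split('.')[1]));
  document.getElementById('user').textContent = claims.sub;
</script></body></html>"""


if __name__ == "__main__":
    for label, doc in (("smuggling", SMUGGLING_HTML), ("benign", BENIGN_HTML)):
        print(label, scan_html(doc))
```

Run against the two samples, the smuggling page scores on six indicators plus the embedded PE header, while the JWT page only trips the atob() indicator. The magic-byte check is what keeps false positives down: plenty of legitimate pages build Blobs from base64 (exported CSVs, generated images), but few carry an MZ or PK header in a string literal.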

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites

March 12, 2024 at 05:21AM A new malware campaign targets WordPress sites running the Popup Builder plugin and has infiltrated over 3,900 sites. It exploits CVE-2023-6000 to create rogue admin users and install malicious plugins. WordPress owners are urged to update the plugin and scan for malicious code. Separately, a high-severity bug in the Ultimate Member plugin was disclosed, posing …

Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining

March 6, 2024 at 12:15PM Threat actors are exploiting misconfigured and vulnerable servers to achieve remote code execution (RCE) and deploy cryptocurrency miners. Cloud security company Cado has named the activity "Spinning YARN"; the attackers use Golang payloads to exploit Confluence, Docker, Hadoop YARN, and Redis services. The attacks also exploit known vulnerabilities and …
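Two of the four services named above are abused through plain misconfiguration rather than a CVE: a Redis instance reachable from the network without a password (CONFIG SET dir/dbfilename then lets an attacker write a cron job or SSH key), and a Docker Engine API on plain TCP without TLS client verification (which lets anyone start a privileged container on the host). The audit below is an added example written for this page, not Cado's tooling or anything from the campaign; it parses a redis.conf and a Docker daemon.json and flags those two exposures, with constructed weak and hardened configurations as input. The severity labels are my own; the Confluence and YARN vectors are not covered here.

```python
"""Audit Redis and Docker daemon configuration for the exposures that
crypto-mining campaigns abuse: a Redis instance reachable from the network
without authentication, and a Docker API on plain TCP without TLS client
verification. Sample configurations below are constructed for this example.
"""
import json


def parse_redis_conf(text):
    """Parse redis.conf 'key value' lines into a dict; comments and blanks skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings[key.lower()] = value.strip()
    return settings


def audit_redis(conf_text):
    """Return a list of findings (most severe first) for a redis.conf."""
    s = parse_redis_conf(conf_text)
    findings = []
    bind = s.get("bind")
    # Without a bind directive Redis listens on every interface; an explicit
    # wildcard does the same and additionally takes protected mode out of play.
    wildcard = bind is not None and any(
        addr.lstrip("-") in ("0.0.0.0", "*", "::", "::*") for addr in bind.split())
    has_auth = bool(s.get("requirepass"))
    protected = s.get("protected-mode", "yes").lower() == "yes"
    if not has_auth:
        if wildcard or (bind is None and not protected):
            findings.append("CRITICAL: Redis accepts unauthenticated clients from the network")
        elif bind is None:
            findings.append("MEDIUM: no bind and no requirepass; only protected-mode blocks remote clients")
    if not protected:
        findings.append("LOW: protected-mode is disabled")
    return findings


def audit_docker_daemon(daemon_json_text):
    """Return a list of findings for a Docker daemon.json."""
    cfg = json.loads(daemon_json_text)
    findings = []
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return findings  # unix socket only: not reachable over the network
    if not cfg.get("tlsverify"):
        findings.append("CRITICAL: Docker API on %s without TLS client verification"
                        % ", ".join(tcp_hosts))
    elif any(h.startswith(("tcp://0.0.0.0", "tcp://[::]", "tcp://:")) for h in tcp_hosts):
        findings.append("MEDIUM: TLS-protected Docker API bound to all interfaces")
    return findings


# Constructed sample: the weak settings an internet-wide scan would pick up.
WEAK_REDIS_CONF = """\
# redis.conf (weak)
bind 0.0.0.0
protected-mode no
port 6379
"""

# Constructed sample: loopback only, protected mode on, password required,
# and CONFIG renamed away so dir/dbfilename cannot be retargeted remotely.
HARDENED_REDIS_CONF = """\
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass replace-with-a-long-random-secret
rename-command CONFIG ""
"""

# Constructed sample: Docker API on 2375 with no TLS at all.
WEAK_DAEMON_JSON = json.dumps({"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]})

# Constructed sample: API bound to one management address with client-cert TLS
# (paths are hypothetical).
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


if __name__ == "__main__":
    for label, conf in (("weak redis", WEAK_REDIS_CONF), ("hardened redis", HARDENED_REDIS_CONF)):
        print(label, audit_redis(conf) or ["OK"])
    for label, conf in (("weak docker", WEAK_DAEMON_JSON), ("hardened docker", HARDENED_DAEMON_JSON)):
        print(label, audit_docker_daemon(conf) or ["OK"])
```

The Redis logic mirrors how protected mode actually behaves: it only refuses remote clients when there is no bind directive and no password, so an explicit `bind 0.0.0.0` with no `requirepass` is fully exposed even with `protected-mode yes`. For Docker, `tlsverify` without a TCP host is harmless, and a TCP host without `tlsverify` is the condition that turns the API into unauthenticated root on the host.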