Sophisticated RAT Hides Behind P.Diddy Scandal Lures

September 25, 2024 at 12:50PM

Threat actors are exploiting public interest in a scandal involving rapper Sean “Diddy” Combs to spread spyware through files claiming to reveal deleted social media posts. Researchers have found PySilon RAT disguised as “PdiddySploit,” posing serious security threats. Attackers are leveraging the scandal to spread malware, urging caution when interacting …

Clever ‘GitHub Scanner’ campaign abusing repos to push malware

September 19, 2024 at 07:10AM

A malicious threat campaign is using GitHub repositories to distribute malware. The campaign targets users who are part of an open source project or subscribe to email notifications from it. Malicious GitHub users create false “security vulnerability” issues to spread malware.

Phishing Espionage Attack Targets US-Taiwan Defense Conference

September 18, 2024 at 09:02PM

A phishing attack targeted the upcoming US-Taiwan Defense Industry Conference, aiming to distribute fileless malware through a forged registration form. The event’s organizer, the US-Taiwan Business Council, promptly recognized and repelled the attack. This incident reflects a recurring threat to the conference, as well as the council’s proactive approach to …

Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users

September 17, 2024 at 03:46AM

Cryptocurrency exchange Binance warns of a global threat targeting cryptocurrency users with clipper malware to facilitate financial fraud. The malware monitors clipboard activity to steal sensitive data and replace cryptocurrency addresses with the attacker’s. Binance advises caution and taking steps to prevent further fraudulent transactions. Blockchain analytics firm Chainalysis reports …

PIXHELL Attack Allows Air-Gap Jumping via Noise From Screens

September 11, 2024 at 09:06AM

Researcher Mordechai Guri introduced the PIXHELL data exfiltration method, exploiting monitor noise to bypass air-gapped computers. This approach, along with other air gap-jumping techniques, poses security threats. Malware manipulates LCD screen pixels to emit sound waves encoding sensitive information. The attack can transmit data at a rate of 5-20 bits …

SpyAgent Android malware steals crypto recovery phrases from images

September 6, 2024 at 11:22AM

A new Android malware called SpyAgent utilizes OCR to extract cryptocurrency wallet recovery phrases from images stored on mobile devices.

TIDRONE Targets Military and Satellite Industries in Taiwan

September 6, 2024 at 05:43AM

The report discusses the TIDRONE threat cluster targeting military-related industries in Taiwan, particularly drone manufacturers. It highlights advanced malware tools, attack chain behaviors, loaders, backdoors, and attribution analysis linking the campaign to an unidentified Chinese-speaking threat group. The report also suggests protective measures and provides indicators of compromise.

Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users

September 3, 2024 at 06:48AM

A new Android banking trojan named Rocinante targets mobile users in Brazil and is capable of keylogging and stealing personal information from victims. The malware can masquerade as various banking apps and is linked to a threat actor known as DukeEugene. Symantec also highlighted a banking trojan campaign targeting Spanish and Portuguese-speaking …

Malicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ Systems

September 2, 2024 at 12:24AM

Developers of Roblox are being targeted by a persistent campaign that uses fake npm packages to compromise systems, mimicking the popular ‘noblox.js’ library. Attackers employ brandjacking and starjacking to give a facade of legitimacy. Malicious packages steal data and deploy malware, with the end goal being to deploy Quasar RAT …

New Voldemort malware abuses Google Sheets to store stolen data

August 30, 2024 at 02:11PM

A campaign launched on August 5, 2024, is disseminating a new malware called “Voldemort” to global organizations by posing as tax agencies from the U.S., Europe, and Asia.