Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets

August 5, 2024 at 10:38AM

Criminals are targeting Windows users with SnakeKeylogger, a malicious software that records keystrokes, steals credentials, takes screenshots, and sends sensitive information to fraudsters. This malware, known for its sophistication and crafty exfiltration of data, is typically spread through phishing campaigns. It can be hidden in Office documents or PDFs attached …

New BlankBot Android Trojan Can Steal User Data

August 2, 2024 at 08:12AM

The new Android trojan, BlankBot, discovered by Intel 471, poses a significant threat to users. It disguises itself as utility applications, targeting Turkish Android users and potentially expanding to other countries. Once installed, it gains control of the device, logging sensitive information and executing custom attacks. The trojan communicates with …

Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform

August 1, 2024 at 10:06AM

Threat actors abused the Stack Exchange Q&A platform to target cryptocurrency users, promoting malware-laden Python packages. The malicious packages stole sensitive data, captured screenshots, and provided remote access to victims’ machines. These attacks demonstrate the exploitation of community-driven platforms to conduct large-scale supply chain attacks, urging individuals and organizations to …

BingoMod Android RAT Wipes Devices After Stealing Money

August 1, 2024 at 08:06AM

A new Android-targeting remote access trojan named BingoMod, discovered by Cleafy, is designed to steal user information and money through account takeover tactics. The malware, likely developed by Romanian speakers, attempts to lower its detection rate by experimenting with obfuscation techniques. BingoMod also allows threat actors remote device control and …

Dynamically Evolving SMS Stealer Threatens Global Android Users

July 31, 2024 at 08:01AM

A novel malware dubbed “SMS Stealer” has targeted Android devices for over two years, stealing SMS messages and one-time passwords. Researchers have tracked its global impact, with India and Russia most affected. This dynamic and sophisticated campaign uses multiple threat vectors and poses a significant risk, underscoring the need for …

Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware

July 31, 2024 at 07:27AM

Japanese organizations are targeted by a Chinese nation-state threat actor using malware like LODEINFO and NOOPDOOR to steal sensitive data, with Israeli cybersecurity company Cybereason tracking the campaign as Cuckoo Spear, related to APT10. The group uses spear-phishing emails and targets public-facing applications for data exfiltration, maintaining persistence for years. …

Cybercriminals Target Polish Businesses with Agent Tesla and Formbook Malware

July 30, 2024 at 07:24AM

Cybersecurity researchers uncovered widespread phishing campaigns targeting small and medium-sized businesses in Poland in May 2024, deploying malware like Agent Tesla, Formbook, and Remcos RAT. The attacks also targeted Italy and Romania. Using compromised accounts and servers, the campaigns utilized a malware loader called DBatLoader to deliver the final payloads, …

Beware of fake CrowdStrike domains pumping out Lumma infostealing malware

July 25, 2024 at 06:42PM

CrowdStrike’s threat intel team warns of a new scam using the Lumma infostealing malware, targeting Windows users. The malware extracts sensitive data for criminal use, such as online banking and cryptocurrency credentials. The scam leverages a fake CrowdStrike domain, posing as a recovery tool for a previous faulty sensor update. …

GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel

July 9, 2024 at 07:07AM

An ongoing surveillanceware operation targets military personnel in the Middle East with the Android data-gathering tool GuardZoo. More than 450 victims have been impacted, mainly in Yemen. GuardZoo, a modified version of Dendroid RAT, has over 60 commands and uses WhatsApp for distribution. It has been using the same dynamic DNS domains for C2 operations …

South Korean ERP Vendor’s Server Hacked to Spread Xctdoor Malware

July 3, 2024 at 12:15AM

An unnamed South Korean enterprise resource planning (ERP) vendor’s product update server was compromised, leading to the delivery of a Go-based backdoor called Xctdoor. AhnLab Security Intelligence Center identified the attack, which shares similarities with tactics used by the infamous Lazarus Group. The attack also involved a malware injector called …