Threat Actors Manipulate GitHub Search to Deliver Malware

April 12, 2024 at 07:36AM GitHub search results are being manipulated by threat actors to infect developers with persistent malware, Checkmarx warns. Attackers create malicious repositories with popular names and boost their search rankings using automated updates and fake stars. Unsuspecting users are lured to these repositories, unaware of the hidden dangers. Checkmarx stresses the …

Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously

April 11, 2024 at 02:30PM The cloud platform’s 8-year-old version was compromised by attackers to distribute malware capable of taking over infected systems. Are there any …

Hackers poison source code for largest Discord bot platform

March 25, 2024 at 02:06PM A supply-chain attack has targeted the Top.gg Discord bot community of over 170,000 members, aiming to distribute malware for data theft and monetization. An attacker used various tactics, including hijacking accounts and creating fake Python packages, leading to compromised systems and data theft. This underscores the risks in the open-source …

Windows SmartScreen Bypass Flaw Exploited to Drop DarkGate RAT

March 14, 2024 at 10:28AM Attackers are using Google redirects in a phishing attack, exploiting a patched vulnerability to spread multifaceted malware.

New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics

March 11, 2024 at 10:51AM A new banking trojan called CHAVECLOAK targets users in Brazil via phishing emails with PDF attachments. The attack involves deceptive DocuSign lures leading to an installer file, which installs the CHAVECLOAK malware. This sophisticated malware steals sensitive information, monitors financial portals, and connects to a command-and-control server. Additionally, a mobile banking …

New ‘VietCredCare’ Stealer Targeting Facebook Advertisers in Vietnam

February 21, 2024 at 03:15AM VietCredCare, a new information stealer, targets Facebook advertisers in Vietnam, particularly those managing business profiles with positive Meta ad credit balances. The malware is distributed on social media and messaging platforms and is managed by Vietnamese-speaking individuals. It aims to compromise corporate Facebook accounts, posing significant risks to organizations and …

‘Ov3r_Stealer’ Malware Spreads Through Facebook to Steal Crates of Info

February 8, 2024 at 11:40AM “Ov3r_Stealer” is a novel malware targeting Facebook users through job ads. It steals various data types, including geolocation, passwords, and credit card information. The malware uses multiple execution methods, and its origin involves complex communication channels and pseudonyms. As a modular tool, it can facilitate other malware and pose a …

Facebook ads push new Ov3r_Stealer password-stealing malware

February 7, 2024 at 04:29PM Ov3r_Stealer, a new password-stealing malware, spreads through fake job ads on Facebook, leading victims to a Discord URL where a PowerShell script downloads the malware payload. It employs various techniques, such as malicious file execution, HTML smuggling, and DLL sideloading, to establish persistence and steal data every 90 minutes, sending it …

Hackers push USB malware payloads via news, media hosting sites

January 31, 2024 at 05:37PM A financially motivated threat actor uses USB devices to infect victims and abuses online platforms such as GitHub, Vimeo, and Ars Technica to host encoded malware. These encoded payloads act as essential components in downloading and executing the malware. The attackers, tracked as UNC4990 by Mandiant, predominantly target users in Italy. This …

China-backed Hackers Hijack Software Updates to Implant “NSPX30” Spyware

January 25, 2024 at 05:22AM A new China-aligned threat actor, tracked by ESET under the name Blackwood, has been linked to AitM attacks deploying the sophisticated NSPX30 implant via software update mechanisms. This multistage implant allows for packet interception, network information harvesting, and bypassing of anti-malware solutions. Information suggests a network implant is being deployed …