Oyster Backdoor Spreading via Trojanized Popular Software Downloads

June 21, 2024 at 06:15AM A malvertising campaign is using fake websites to distribute backdoor malware disguised as popular software like Google Chrome and Microsoft Teams. The malware, called Oyster, can gather information, communicate with a command-and-control address, and execute remote code. This coincides with the emergence of a new phishing platform called ONNX Store. … Read more

Phishing emails abuse Windows search protocol to push malicious scripts

June 12, 2024 at 06:33PM A new phishing campaign uses HTML attachments to exploit the Windows search protocol, enabling remote servers to deliver malware via batch files. Attackers can manipulate the search window’s title and force searches on remote hosts. The technique was highlighted by Prof. Dr. Martin Johns in 2020 and is now used … Read more

New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers

June 12, 2024 at 05:15AM Cybersecurity researchers have uncovered an ongoing phishing campaign using job-themed lures to distribute a backdoor named WARMCOOKIE. The backdoor, deployed via email, is capable of capturing information, executing commands, and downloading additional malicious programs. Additionally, another phishing campaign was detailed, utilizing invoice-related decoys to deploy malware through the Windows search … Read more

New Warmcookie Windows backdoor pushed via fake job offers

June 11, 2024 at 11:20AM A new Windows malware called ‘Warmcookie’ is being spread through fake job offer phishing campaigns to infiltrate corporate networks. It is capable of machine fingerprinting, screenshot capturing, and deploying additional payloads. The threat actors create new domains weekly and utilize compromised infrastructure to send phishing emails. Warmcookie gathers victim information, … Read more

China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics

June 11, 2024 at 05:03AM Cybersecurity experts have discovered an updated version of malware called ValleyRAT with new capabilities, believed to originate from a China-based threat actor. The malware utilizes a multi-stage process and DLL side-loading to evade security solutions. Additionally, there’s a new phishing campaign targeting Spanish-speaking individuals with an updated keylogger and information … Read more

FlyingYeti APT Serves Up Cookbox Malware Using WinRAR

May 31, 2024 at 11:15AM A month-long phishing campaign by the Russia-aligned threat actor group FlyingYeti used a WinRAR vulnerability to deliver the Cookbox malware to Ukrainian citizens. The attack aimed to exploit financial distress following the lifting of a government moratorium on evictions and utility disconnections. Cloudforce One recommended security measures to mitigate potential … Read more

Free Piano phish targets American university students, staff

May 29, 2024 at 02:16PM Large-scale phishing campaign using unusual lure, offering baby grand piano for free, has earned over $900,000. Phishing emails from alleged university professor lead recipients to a second email purporting to be from a moving firm with payment options only through non-traditional methods. Bitcoin wallet linked to campaign holds over $900,000. … Read more

Banking malware Grandoreiro returns after police disruption

May 18, 2024 at 06:20PM The Android banking trojan “Grandoreiro” is a persistent threat, despite a recent law enforcement crackdown. It’s now targeting English-speaking countries and using diverse phishing lures, including government impersonation emails. The latest variant features advanced evasive tactics, expanded targeting, and detailed victim profiling. IBM analysts have noted its ability to avoid … Read more

Android malware Grandoreiro returns after police disruption

May 18, 2024 at 01:14PM The Android banking trojan “Grandoreiro” is spreading in a large-scale phishing campaign across 60+ countries, targeting accounts of about 1,500 banks. Despite law enforcement efforts in January 2024, it has reemerged with new features and is now targeting English-speaking countries, employing diverse phishing lures and expanded capabilities, indicating a resilient … Read more

Poland says Russian military hackers target its govt networks

May 9, 2024 at 07:18PM Poland warns of state-backed Russian threat group targeting its government institutions. Russian APT28 hackers used a phishing campaign to trick officials into clicking malicious links, compromising their devices. This aligns with previous APT28 operations targeting NATO and EU members. APT28’s history includes hacking the DNC, DCCC, and the German Bundestag. … Read more