Brazilian Feds Dismantle Grandoreiro Banking Trojan, Arresting Top Operatives

January 30, 2024 at 12:30PM Brazilian law enforcement arrested several operators of the Grandoreiro malware in a recent operation. Slovak cybersecurity firm ESET assisted in uncovering a design flaw in Grandoreiro’s network protocol. The banking trojan targets Latin American countries and has the ability to steal data and control infected devices remotely. The operation aimed …

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

January 19, 2024 at 10:03PM TA866, a threat actor, has returned after a hiatus, launching a large phishing campaign to distribute malware such as WasabiSeed and Screenshotter. The campaign targeted North America with PDFs containing OneDrive URLs that initiate a multi-step infection chain. Other actors, such as TA571, are involved in spam email campaigns to …

$80M in Crypto Disappears into Drainer-as-a-Service Malware Hell

January 17, 2024 at 04:30PM The “Inferno Drainer” phishing campaign siphoned over $80 million in cryptocurrency over a year. Using 100 cryptocurrency brands, the attackers lured victims into authorizing fund siphoning, gaining scale from an innovative “drainer-as-a-service” model. The attackers used brand impersonation and social media lures, and the infrastructure was available to rent. Vigilance …

Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign

January 4, 2024 at 08:37PM Threat actor UNC-0050, known for targeting Ukrainian organizations with RemcosRAT, is back with a new tactic using anonymous pipes to transfer data covertly. The group’s latest campaign aims at Ukrainian government entities, posing a significant risk to Windows-reliant sectors. Uptycs researchers highlighted the group’s politically motivated activities and state the …

Russian military hackers target Ukraine with new MASEPIE malware

December 28, 2023 at 12:46PM Ukraine’s CERT warns of a new phishing campaign by APT28, a Russian hacker group known for targeting government and Western entities. The attack, occurring between December 15 and 25, 2023, deploys a new Python malware downloader, ‘MASEPIE,’ via phishing emails. APT28 also uses various tools for data theft and network …

Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft

December 22, 2023 at 12:42PM A rogue WordPress plugin discovered by threat hunters poses a Magecart campaign threat, creating bogus admin users and injecting malicious code to steal credit card data. The plugin hides in the mu-plugins directory and enables sustained access to the target. This revelation comes amid growing concerns about digital skimming and …

Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities

December 22, 2023 at 08:48AM Indian government entities and the defense sector are targeted by a phishing campaign dubbed Operation RusticWeb, dropping Rust-based malware for intelligence gathering. The attack involves Rust-based payloads, PowerShell commands, and trojans like AllaKore RAT, Ares RAT, and DRat. The group behind the campaign is linked to Pakistan and uses advanced …

Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

December 22, 2023 at 08:00AM A recent phishing campaign employs decoy Microsoft Word documents to distribute Nim-based malware. The backdoor lures victims to enable macros, then establishes a connection with a remote server disguised as a Nepali government entity. This comes amidst increased distribution of various malware strains and social engineering campaigns leveraging new tactics. …

New phishing attack steals your Instagram backup codes to bypass 2FA

December 20, 2023 at 02:35PM A new phishing campaign targeting Instagram users involves fake ‘copyright infringement’ emails enticing recipients to input account details and backup codes on phishing pages. The elaborate scheme masquerades as Meta’s portal and requests sensitive information. Despite signs of fraud, the convincing approach poses a serious threat to unsuspecting victims. Users …

Pro-Hamas Cyberattackers Aim ‘Pierogi’ Malware at Multiple Mideast Targets

December 15, 2023 at 01:58PM The Gaza Cybergang, a pro-Hamas group, is using a new variant of the Pierogi++ backdoor malware to launch attacks on Palestinian and Israeli targets. The backdoor, written in C++, has been distributed through phishing attacks and social media engagements, with consistent targeting of Palestinian entities reported by Sentinel Labs …