GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code

September 6, 2024 at 11:45AM Threat actors use typosquatting to deceive users into accessing malicious sites or downloading compromised software. They exploit typing errors in open-source repositories like PyPI, npm, and GitHub Actions to introduce supply chain attacks. Cloud security firm Orca’s findings reveal the vulnerability of even trusted platforms like GitHub Actions. Users are …

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

July 20, 2024 at 01:30PM CrowdStrike’s flawed Windows update led to a global IT disruption, exploited by threat actors to distribute Remcos RAT to Latin American customers using a disguised hotfix. The attack involves a ZIP file containing a malware loader and Spanish instructions, targeting CrowdStrike’s Latin America-based customers. Malicious actors are also setting up …

‘ONNX’ MFA Bypass Targets Microsoft 365 Accounts

June 19, 2024 at 01:29PM A phishing-as-a-service operation is targeting financial firms using advanced tactics such as 2FA bypass, QR codes, and typosquatting to compromise Microsoft 365 accounts. The origin of the campaign was traced to a platform called ONNX Store, which operates through Telegram bots. Countermeasures include blocking unverified PDF and HTML attachments, implementing …

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

April 18, 2024 at 01:10AM A new malvertising campaign abusing Google Ads uses multiple fake domains to distribute the backdoor “MadMxShell,” targeting users searching for IP scanning and IT management software. The Windows backdoor is distributed through JavaScript code and DLL side-loading, using DNS MX queries for command-and-control. The threat actor’s origins and motivations are currently …

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers

March 29, 2024 at 02:09AM The Python Package Index (PyPI) temporarily halted new user sign-ups due to an influx of malicious projects aimed at developers. Threat actors used typosquatting to upload deceptive versions of popular packages, targeting sensitive data and crypto wallets. Over 500 suspicious packages were uploaded within days, highlighting the increasing risk of …

Typosquatting Wave Shows No Signs of Abating

March 11, 2024 at 05:26PM The practice of typosquatting involves using look-alike websites and domain names to deceive users, often relying on human errors to capture victims. Attackers are continuously improving their tactics, making it difficult to detect these fraudulent domains and messages. Various industries have fallen victim to typosquatting, prompting experts to emphasize the …

Linux Variants of Bifrost Trojan Evade Detection via Typosquatting

March 7, 2024 at 10:55AM Researchers from Palo Alto Networks have discovered new variants of the Bifrost malware targeting Linux. These variants use typosquatting to mimic a legitimate VMware domain, making detection difficult. The malware collects sensitive information and attempts to expand its reach to ARM-based devices. Palo Alto Networks has detected over 100 instances, …

Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution

November 1, 2023 at 08:49AM Threat actors are continuously publishing malicious NuGet packages as part of an ongoing campaign, exploiting code execution capabilities. The campaign, which began in August, has seen hundreds of malicious packages placed in the NuGet repository. The threat actors adapt their tactics, utilizing typosquatting and placing malicious functionality in .targets files …

Malicious NuGet Package Targeting .NET Developers with SeroXen RAT

October 12, 2023 at 09:57AM A malicious package named Pathoschild.Stardew.Mod.Build.Config has been found on the NuGet package manager. It delivers a remote access trojan called SeroXen RAT. The package is a typosquat of a legitimate package and has artificially inflated its download count to over 100,000. The profile behind the package has published six other …