Found 12 bookmarks
Custom sorting
SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation
SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation
This report details a newly identified and active fraud campaign, highlighting the emergence of sophisticated mobile malware leveraging innovative techniques: SuperCard X Malware: A novel Android malware offered through a Malware-as-a-Service (MaaS) model, enabling NFC relay attacks for fraudulent cash-outs. Evolving Threat Landscape: Demonstrates the continuous advancement of mobile malware in the financial sector, with NFC relay representing a significant new capability. Combined Attack Vectors: Employs a multi-stage approach combining social engineering (via smishing and phone calls), malicious application installation, and NFC data interception for highly effective fraud. Low Detection Rate: SuperCard X currently exhibits a low detection rate among antivirus solutions due to its focused functionality and minimalistic permission model.‍ * Broad Target Scope: The fraud scheme targets customers of banking institutions and card issuers, aiming to compromise payment card data.
#cleafy.com#EN#2025#SuperCardX#Malware#NFC#report#campaign#mobile
·cleafy.com·
SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation
Threat actors misuse Node.js to deliver malware and other malicious payloads | Microsoft Security Blog
Threat actors misuse Node.js to deliver malware and other malicious payloads | Microsoft Security Blog
Since October 2024, Microsoft Defender Experts has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to information theft and data exfiltration.
#microsoft#EN#2025#Node.js#malware#ClickFix#exfiltration#analysis#campaign
·microsoft.com·
Threat actors misuse Node.js to deliver malware and other malicious payloads | Microsoft Security Blog
Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
Starting in December 2024, leading up to some of the busiest travel days, Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.com and targets organizations in the hospitality industry. The campaign uses a social engineering technique called ClickFix to deliver multiple credential-stealing malware in order to conduct financial fraud and theft. […]
#microsoft#EN#2025#Phishing#campaign#credential-stealing#malware#Booking.com#ClickFix
·microsoft.com·
Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
New TorNet backdoor seen in widespread campaign
New TorNet backdoor seen in widespread campaign
Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany. The actor has delivered different payloads, including Agent Tesla, Snake Keylogger, and a new undocumented backdoor we are calling TorNet, dropped by PureCrypter malware. The actor is running a Windows scheduled task on victim machines—including on endpoints with a low battery—to achieve persistence. The actor also disconnects the victim machine from the network before dropping the payload and then connects it back to the network, allowing them to evade detection by cloud antimalware solutions. We also found that the actor connects the victim’s machine to the TOR network using the TorNet backdoor for stealthy command and control (C2) communications and detection evasion.
#talosintelligence#EN#2025#TorNet#backdoor#campaign#Poland#Germany#analysis#malware
·blog.talosintelligence.com·
New TorNet backdoor seen in widespread campaign
Behind the CAPTCHA: A Clever Gateway of Malware
Behind the CAPTCHA: A Clever Gateway of Malware
McAfee Labs recently observed an infection chain where fake CAPTCHA pages are being leveraged to distribute malware, specifically Lumma Stealer. We are observing a campaign targeting multiple countries. Below is a map showing the geolocation of devices accessing fake CAPTCHA URLs, highlighting the global distribution of the attack.
#mcafee#EN#2024#CAPTCHA#Gateway#Malware#LummaStealer#campaign#fake
·mcafee.com·
Behind the CAPTCHA: A Clever Gateway of Malware
Extension Trojan Malware Campaign
Extension Trojan Malware Campaign
Malwares make no distinction between corporate and personal devices. Therefore, past perceptions of different levels of antivirus for businesses and households must be challenged. ReasonLabs is the first endpoint protection based on a multilayered machine-learning engine, that provides enterprise-grade security for all your personal devices.
#reasonlabs#EN#2024#Extension#Trojan#Malware#Campaign
·reasonlabs.com·
Extension Trojan Malware Campaign