Recruitment Phishing Scam Imitates Hiring Process
A phishing campaign is using CrowdStrike recruitment branding to deliver malware disguised as a fake application. Learn more.
How to Lose a Fortune with Just One Bad Click
Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from…
Threat Actors Push ClickFix Fake Browser Updates Using Stolen Credentials
ClickFix fake browser updates are being distributed by bogus WordPress plugins. Learn about the common indicators of compromise.
Seeing Through a GLASSBRIDGE: Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations
GLASSBRIDGE is an umbrella group of four different companies that operate networks of inauthentic news sites and newswire services.
Fake IT Workers: How HYPR Stopped a Fraudulent Hire
HYPR recently experienced a fake IT worker attempting to gain employment. We are sharing the details to bring awareness to how widespread the problem is.
HijackLoader evolution: abusing genuine signing certificates
Since mid-September 2024, our telemetry has revealed a significant increase in “Lumma Stealer”1 malware deployments via the “HijackLoader”2 malicious loader. On October 2, 2024, HarfangLab EDR detected and blocked yet another HijackLoader deployment attempt – except this time, the malware sample was properly signed with a genuine code-signing certificate. In response, we initiated a hunt for code-signing certificates (ab)used to sign malware samples. We identified and reported more of such certificates. This report briefly presents the associated stealer threat, outlines the methodology for hunting these certificates, and providees indicators of compromise.
Fake recruiter coding tests target devs with malicious Python packages
RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers.
Behind the CAPTCHA: A Clever Gateway of Malware
McAfee Labs recently observed an infection chain where fake CAPTCHA pages are being leveraged to distribute malware, specifically Lumma Stealer. We are observing a campaign targeting multiple countries. Below is a map showing the geolocation of devices accessing fake CAPTCHA URLs, highlighting the global distribution of the attack.
Staying a Step Ahead: Mitigating the DPRK IT Worker Threat
North Korea's IT workforce presents a persistent and escalating cyber threat.
Fake Google Authenticator Website Installs Malware
See how adversaries are impersonating Google Authenticator in Google Ads to deliver the DeerStealer information-stealing malware.
Fake Palo Alto GlobalProtect used as lure to backdoor enterprises
Threat actors target Middle Eastern organizations with malware disguised as the legitimate Palo Alto GlobalProtect Tool that can steal data and execute remote PowerShell commands to infiltrate internal networks further.
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F25584373%2F247226_AI_Pixel_Reality_CVirginia_3.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2){kind=tracking}
No one’s ready for this
With AI photo editing getting easy and convincing, the world isn’t prepared for an era where photographs aren’t to be trusted.
Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft
We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites.
NullBulge | Threat Actor Masquerades as Hacktivist Group Rebelling Against AI
Actors are masquerading as hacktivists targeting AI-centric communities with commodity malware and customized LockBit payloads.
Fake AWS Packages Ship Command and Control Malware In JPEG Files
On July 13, 2024, the Phylum platform alerted us to a series of odd packages published to the npm package registry. At first glance, these packages appear entirely legitimate; however, as our system automatically noted, they contained sophisticated command and control functionality hidden in image files that would be executed
In China, AI transformed Ukrainian YouTuber into a Russian
Olga Loiek, a University of Pennsylvania student was looking for an audience on the internet – just not like this. Shortly after launching a YouTube channel in November last year, Loiek, a 21-year-old from Ukraine, found her image had been taken and spun through artificial intelligence to create alter egos on Chinese social media platforms. Her digital doppelgangers - like "Natasha" - claimed to be Russian women fluent in Chinese who wanted to thank China for its support of Russia and make a little money on the side selling products such as Russian candies.
Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail
A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator Pro.
A Catalog of Hazardous AV Sites – A Tale of Malware Hosting
In mid-April 2024, Trellix Advanced Research Center team members observed multiple fake AV sites hosting highly sophisticated malicious files such as APK, EXE and Inno setup installer that includes Spy and Stealer capabilities. Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from cyber-attacks. The hosted websites made to look legitimate are listed below.
New Go loader pushes Rhadamanthys stealer
A malicious ad for the popular admin tool PuTTY leads victims to a fake site that downloads malware.
RATs Distributed Through Skype, Zoom, & Google Meet Lures
Threat actors are creating and using fake Skype, Zoom, and Google Meet pages to spread RATs.
Fake LastPass App Sneaks Past Apple's Review Team
Popular password management app LastPass is warning customers about a fraudulent app that uses a similar name and icon to attempt to trick LastPass...
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F24805885%2FSTK160_X_Twitter_003.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
X is being flooded with graphic Taylor Swift AI images
Fake sexually explicit images of Taylor Swift have been circulating on X over the last day in the latest example of the proliferation of AI-generated pornography.
Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware
Arctic Wolf Labs has investigated several cases where ransomware victims are being targeted for follow-on extortion attempts by threat actors who are aware of ransom attack details.