Security Affairs

NOVEMBER 29, 2024

Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. Trustwave researchers are monitoring malicious activity associated with Phishing-as-a-Service (PaaS) platforms, their latest report focuses on a toolkit called Rockstar 2FA.

Phishing 113

Phishing Accountability Authentication Advertising 113

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing 277

Phishing Cybercrime Malware Advertising 277

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. A screenshot of the phishing domain privatemessage dot net.

Phishing 270

Phishing Cryptocurrency DDOS Internet 270

Krebs on Security

APRIL 8, 2019

Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by deleting those groups.

Cybercrime 249

Cybercrime Passwords Identity Theft Accountability 249

Krebs on Security

MAY 16, 2019

The locations of alleged GozNym cybercrime group members. According to the indictment, the GozNym network exemplified the concept of ‘cybercrime as a service,’ in that the defendants advertised their specialized technical skills and services on underground, Russian-language, online criminal forums. Source: DOJ.

Cybercrime 215

Cybercrime Banking Small Business Computers and Electronics 215

Security Affairs

JANUARY 10, 2025

Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures.

Malware 120

Malware Advertising Antivirus Cybercrime 120

Krebs on Security

JULY 10, 2024

The Russia-based cybercrime group dubbed “ Fin7 ,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. Among the new Fin7 domains Silent Push found are several sites phishing people seeking tickets at the Louvre.

Phishing 312

Phishing Cybercrime Malware Software 312

Malwarebytes

JANUARY 30, 2025

Just days after we uncovered a campaign targeting Google Ads accounts, a similar attack has surfaced, this time aimed at Microsoft advertisers. These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft’s advertising platform. mcrosoftt[.]com.

Advertising 82

Advertising Phishing Accountability Marketing 82

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. “The FBI is informing academic partners of identified US college and university credentials advertised for sale on online criminal marketplaces and publically accessible forums.

Cybercrime 145

Cybercrime Education Accountability Phishing 145

Security Affairs

FEBRUARY 16, 2021

Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost.

Phishing 142

Phishing Cybercrime Mobile Internet 142

Security Affairs

FEBRUARY 3, 2025

Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. Crazy Evil has earned over $5 million through phishing scams since 2021. Crazy Evil actively recruits affiliates by advertising its cybercriminal network with specific skill requirements.

Scams 84

Scams Media Cryptocurrency Cybercrime 84

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing 363

Phishing VPN Social Engineering Media 363

Krebs on Security

FEBRUARY 28, 2023

In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device. ” or “ Tmo up!

Mobile 340

Mobile Phishing Authentication Advertising 340

Security Affairs

NOVEMBER 11, 2023

The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The operation was first documented on OSINT Fans by Gabor Szathmari in October 2020.

Phishing 143

Phishing Cybercrime Advertising Hacking 143

Malwarebytes

FEBRUARY 4, 2025

These tools can also answer an endless array of factual questions, much like the separate AI tool Perplexity, which advertises itself not as a search engine, but as the worlds first answer engine. And for malicious users, hackers, and scammers, generative AI has delivered oil-slick efficiency to proven attack methods.

Artificial Intelligence 144

Artificial Intelligence Small Business Malware Technology 144

Krebs on Security

DECEMBER 29, 2020

In almost every category — from epic breaches and ransomware to cybercrime justice and increasingly aggressive phishing and social engineering scams — 2020 was a year that truly went to eleven. But it was hardly a dull one for computer security news junkies.

Scams 306

Scams Social Engineering Cybercrime Advertising 306

Security Affairs

APRIL 15, 2020

The report focuses on phishing kits – the driving force of the phishing industry, which is hard to detect but extremely valuable in terms of fight against phishing. The growing demand for phishing kits is also reflected in its price that skyrocketed last year by 149 percent and exceeded $300 per item.

Phishing 136

Phishing Marketing Advertising Cyber threats 136

Security Affairs

NOVEMBER 26, 2019

A group under the Magecart umbrella adopted a new tactic that leverages on MiTM and phishing attacks to target sites using external payment processors. The name Fullz House comes from two different attack techniques, the phishing, and the web skimming. The [phishing] pages are part of a framework,” they wrote.

Phishing 134

Phishing Cybercrime Advertising Software 134

SecureWorld News

OCTOBER 17, 2022

A low-cost Phishing-as-a-Service (PhaaS) platform that has an open registration process could allow just about anyone with email to become a cybercriminal. While phishing campaigns are nothing new, this "as-a-service" approach is a bit concerning, as it makes it easier for people with nefarious intentions to access and use the type of attack.

Phishing 128

Phishing Cybercrime Accountability Advertising 128

SecureList

APRIL 5, 2023

They have become adept at using Telegram both for automating their activities and for providing various services — from selling phishing kits to helping with setting up custom phishing campaigns — to all willing to pay. ” Links to the channels are spread via YouTube, GitHub and phishing kits they make.

Phishing 144

Phishing Marketing Scams Accountability 144

SecureWorld News

FEBRUARY 14, 2025

Last year saw a 110% rise in cybercrime in the lead up to Valentine's Day. And 2025 will be no different, as increasingly sophisticated online hackers seek to take advantage of Valentine's themed email traffic, social media advertisements, or marketing campaigns, and exploit heightened emotions and a desire to connect.

Scams 71

Scams Cybercrime Social Engineering Phishing 71

Security Affairs

JUNE 13, 2021

The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021. The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report related to the first quarter of 2021. Reported Phishing Websites for Q1 2021.

Phishing 126

Phishing Advertising Cryptocurrency Encryption 126

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing 98

Phishing Cybercrime Authentication Advertising 98

Krebs on Security

JULY 20, 2021

.” Over the course of his 15-year cybercriminal career, Severa would emerge as a pivotal figure in the cybercrime underground , serving as the primary moderator of a spam community that spanned multiple top Russian cybercrime forums. Severa rented out segments of his Waledac botnet to anyone seeking a vehicle for sending spam.

Antivirus 343

Antivirus Cybercrime Identity Theft Scams 343

Security Affairs

NOVEMBER 25, 2018

Researchers at AppRiver uncovered a very trivial phishing campaign targeting the streaming service Spotify, anyway, it is important to share info about it. Security researchers at AppRiver uncovered a phishing campaign targeting the popular streaming service Spotify. Clicking on the button, users are redirected to a phishing page.

Phishing 110

Phishing Accountability Advertising Passwords 110

Malwarebytes

FEBRUARY 19, 2025

That means that, for instance, ransomware that works on a Windows laptop doesnt automatically work on a Mac laptop, and likewise, a phishing app developed for Android devices doesnt work on iPhones. But in the world of cybercrime, malware features only mean so much.

Malware 127

Malware Software Passwords Cryptocurrency 127

SecureWorld News

JANUARY 30, 2025

In a coordinated international effort, law enforcement agencies from the United States, Europe, and Australia have dismantled Cracked and Nulled, two of the world's largest cybercrime marketplaces. The forum had more than 4 million users and listed more than 28 million posts advertising illicit services. He is now facing U.S.

Cybercrime 104

Cybercrime Identity Theft Hacking Cryptocurrency 104

Security Affairs

SEPTEMBER 23, 2021

Microsoft uncovered a large-scale phishing-as-a-service operation, dubbed BulletProofLink, that enabled threat actors to easily carry out malicious campaigns. BulletProofLink service was very cheap and allowed threat actors to arrange phishing campaigns without specific technical capabilities. ” concludes Microsoft.

Phishing 115

Phishing Cybercrime Advertising Hacking 115

Security Affairs

FEBRUARY 24, 2020

Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. According to a report published by security firm CyberArk, Raccoon is mostly delivered through Exploit Kits and Phishing Campaigns. ” reads the report published by CyberArk.

Cybercrime 131

Cybercrime Malware Cryptocurrency Advertising 131

Security Affairs

APRIL 25, 2019

Experts at Proofpoint discovered that free code repositories on GitHub have been abused since at least 2017 to host phishing websites. Researchers at Proofpoint reported that crooks are abusing free code repositories on GitHub to host phishing websites and bypass security defenses. SecurityAffairs – GitHub, cybercrime).

Phishing 109

Phishing Advertising Accountability Cybercrime 109

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. agency — advertised a web-based bot designed to trick targets into giving up OTP tokens.

Passwords 345

Passwords Mobile Authentication Banking 345

Security Affairs

AUGUST 5, 2019

A crook involved in a spear phishing scheme and that was in Kenya is facing up to 20 years in the US federal prison for stealing thousands of dollars from US universities. Amil Hassan Raage, 48, pleaded guilty last week in a southern California court to fraudulently receiving almost $750,000 as part of a spear phishing scheme.

Phishing 111

Phishing Banking Advertising Accountability 111

Malwarebytes

FEBRUARY 3, 2025

Last week on Malwarebytes Labs: ClickFix vs. traditional download in new DarkGate campaign Cybercrime gets a few punches on the nose Microsoft advertisers phished via malicious Google ads The DeepSeek controversy: Authorities ask where does the data come from and how safe is it?

Healthcare 66

Healthcare Data breaches Cybercrime Advertising 66

Security Affairs

SEPTEMBER 18, 2020

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic , it accounted for 46 percent of the total number of fake web pages. Secure web- phishing. In the first six months of 2020, CERT-GIB blocked a total of 9 304 phishing web resources, which is an increase of 9 percent compared to the previous year.

Phishing 136

Phishing Ransomware Spyware Banking 136

Security Affairs

JANUARY 27, 2019

The Cobalt cybercrime gang has been using Google App Engine to distribute malware through PDF decoy documents. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – Cobalt, Google App Engine).

Engineering 111

Engineering Cybercrime Banking Advertising 111

Security Affairs

OCTOBER 11, 2022

Researchers warn of a new phishing-as-a-service (PhaaS) toolkit, called Caffeine, which is being used by cybercriminals. In March 2022, Mandiant researchers discovered threat actors using a shared Phishing-as-a-Service (PhaaS) platform called Caffeine. ” reads the report published by Mandiant.

Phishing 108

Phishing Cybercrime Accountability Advertising 108

Security Affairs

NOVEMBER 16, 2018

According to Group-IB’s report findings, Asia is one of the most actively attacked regions in the world, the company presented latest cybercrime trends. Spear phishing remains the major vector of attack: approximately 56% of all money siphoned off from ICO were stolen using phishing.

Cybercrime 108

Cybercrime Hacking Banking Phishing 108