SecureList

DECEMBER 17, 2024

The attackers would then send what appeared to be the photo itself but was actually a malware installer. In reality, this was malware with no parcel-tracking functionality whatsoever. The link directed users to a phishing site offering to download Mamont for Android ( 12936056e8895e6a662731c798b27333 ).

Scams 89

Scams Malware Social Engineering Banking 89

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing 88

Phishing Mobile Social Engineering Data breaches 88

Krebs on Security

MAY 22, 2019

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware. Please download and read the attached encrypted document carefully.

Phishing 279

Phishing Antivirus Scams Malware 279

Schneier on Security

FEBRUARY 7, 2023

Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader.

Malware 282

Malware Phishing Cybercrime 282

Schneier on Security

APRIL 6, 2020

Microsoft is reporting that an Emotat malware infection shut down a network by causing computers to overheat and then crash. The malware further spread through the network without raising any red flags by stealing admin account credentials authenticating itself on new systems, later used as stepping stones to compromise other devices.

Malware 256

Malware Phishing Authentication Internet 256

Krebs on Security

FEBRUARY 28, 2024

But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems. It didn’t dawn on Doug until days later that the missed meeting with Mr. Lee might have been a malware attack. ” Image: SlowMist.

Malware 316

Malware Cryptocurrency Software Phishing 316

Schneier on Security

MAY 5, 2020

Interesting story of malware hidden in Google Apps. That's when Russian security firm Dr. Web found a sample of spyware in Google's app store that impersonated a downloader of graphic design software but in fact had the capability to steal contacts, call logs, and text messages from Android phones.

Malware 266

Malware Spyware Phishing Government 266

Security Affairs

JANUARY 10, 2025

CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. ” The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website.”

Phishing 113

Phishing Scams Malware Authentication 113

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing 266

Phishing Cybercrime Malware Advertising 266

Webroot

OCTOBER 31, 2024

In our annual “Nastiest Malware” report, now in its sixth year, we’ve observed a steady increase in both the number and sophistication of malware attacks. Now let’s take a look at this year’s Nastiest Malware. It is the most successful and lucrative avenue for monetizing a breach of a victim.

Malware 104

Malware Ransomware Passwords Healthcare 104

Security Affairs

JANUARY 5, 2025

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. The backdoor is distributed through: Phishing emails with themes such as code of conduct to trick users into downloading the malware. sys driver.

Malware 130

Malware Encryption Phishing Hacking 130

The Hacker News

OCTOBER 22, 2024

Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns. Tracked under the names BlackWidow, IceNova, Lotus,

Phishing 138

Phishing Malware 138

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? Figure 12: The actual phishing page that follows Finally, all the data is combined with the username and password and sent to the remote server via a POST request.

Advertising 134

Advertising Accountability Phishing Scams 134

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing 222

Phishing Passwords Internet Internet 222

Security Affairs

NOVEMBER 15, 2024

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.

Encryption 116

Encryption Password Management Cryptocurrency Social Engineering 116

SecureList

OCTOBER 15, 2024

SideWinder’s most recent campaign schema Infection vectors The SideWinder attack chain typically starts with a spear-phishing email with an attachment, usually a Microsoft OOXML document (DOCX or XLSX) or a ZIP archive, which in turn contains a malicious LNK file. If the CPU is not from Intel or AMD, it terminates execution.

Malware 143

Malware Encryption Architecture Phishing 143

Security Affairs

FEBRUARY 12, 2025

The threat actor impersonates a South Korean government official to build trust with the target before sending a spear-phishing email with a bait PDF attachment. Upon running the code as an administrator, it downloads and installs a browser-based remote desktop tool and downloads a certificate file with a hardcoded PIN from a remote server.

Phishing 89

Phishing Malware Security Intelligence Hacking 89

Malwarebytes

FEBRUARY 19, 2025

These findings come from the 2025 State of Malware report. The threat of info stealers Info stealers are a type of malware that do exactly as they saythey steal information from peoples devices. But the variety of information that these pieces of malware can steal makes them particularly dangerous.

Malware 127

Malware Software Passwords Cryptocurrency 127

SecureList

MARCH 10, 2025

We continued to monitor the group throughout the rest of the year, observing intense activity that included updates to SideWinder’s toolset and the creation of a massive new infrastructure to spread malware and control compromised systems. Infection flow The attacker sends spear-phishing emails with a DOCX file attached.

Energy and Utilities 95

Energy and Utilities Malware Government Phishing 95

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Government 138

Government Phishing Malware Banking 138

CSO Magazine

JULY 25, 2022

Phishing , in which an attacker sends a deceptive email tricks the recipient into giving up information or downloading a file, is a decades-old practice that still is responsible for innumerable IT headaches. The fight against phishing is a frustrating one, and it falls squarely onto IT's shoulders.

Phishing 136

Phishing Passwords Malware 136

Security Boulevard

JANUARY 20, 2025

Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user. Approximately 70% of observed malware cases in 2024 derived from browser-based malware.

Surveillance 97

Surveillance Malware Data breaches Scams 97

SecureWorld News

DECEMBER 17, 2024

Simultaneously, a phishing campaign tricked targets into installing a fake kernel update. By downloading and running this code, victims essentially infected themselves." Phishing Campaigns : Victims received emails urging them to install a fake kernel upgrade disguised as a CPU microcode update.

Phishing 109

Phishing Threat Detection Social Engineering Cybercrime 109

Malwarebytes

NOVEMBER 5, 2024

Cybercriminals could use your account to spread spam and phishing emails to your contacts. However, session cookies are usually stolen by malware on the your device. Modern information-stealing malware is capable of, and even focuses on, stealing session cookies as part of its activity.

Accountability 145

Accountability Authentication Malware Banking 145

Security Affairs

FEBRUARY 4, 2025

Threat actors target Brazilian users by stealing financial data, the malware can harvest sensitive information from over 70 financial applications and numerous websites. The Coyote Banking Trojan supports multiple malicious functions, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials.

Banking 118

Banking Malware Antivirus Cyber threats 118

Digital Shadows

NOVEMBER 12, 2024

Top MITRE Technique: Spearphishing The construction sector is no stranger to phishing attacks, which topped the list of initial access techniques between October 1, 2023, and September 30, 2024. Phishing is favored by threat actors for its simplicity and effectiveness.

Ransomware 111

Ransomware Phishing Cyber threats Malware 111

Tech Republic Security

NOVEMBER 8, 2023

A new malware is bypassing an Android 13 security measure that restricts permissions to apps downloaded out of the legitimate Google Play Store.

Malware 196

Malware Phishing Software Mobile 196

Krebs on Security

SEPTEMBER 27, 2023

The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams , Adobe Reader , Mozilla Thunderbird , and Discord. 226 , currently assigned to Matrix Telekom in Russia. com and www-discord[.]com.

Ransomware 301

Ransomware Internet Internet Phishing 301

Security Affairs

AUGUST 3, 2024

A Russia-linked APT used a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. The campaign began around March 2024, the attackers leveraged phishing tactics that have been effective against diplomats for years, exploiting themes that prompt targets to engage with malicious content.

Phishing 135

Phishing Malware Advertising Hacking 135

Security Affairs

DECEMBER 21, 2023

Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882, to spread the Agent Tesla malware. Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882 (CVSS score: 7.8), as part of phishing campaigns to spread the Agent Tesla malware.

Malware 133

Malware Phishing Spyware Cyber threats 133

The Hacker News

APRIL 8, 2024

Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023.

Malware 143

Malware Phishing 143

The Hacker News

MARCH 11, 2024

Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF attachments. This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware," Fortinet FortiGuard Labs researcher Cara Lin said.

Banking 141

Banking Phishing Malware 141

The Hacker News

JUNE 18, 2024

The Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile malware campaign targeting citizens in the country since June 2023.

Malware 135

Malware Scams Mobile Phishing 135

SecureWorld News

DECEMBER 4, 2024

The United States retail sector faced an especially aggressive wave of cyber threats, with phishing attacks mimicking major holiday brands [3] including Walmart, Target, and Best Buy increasing by more than 2,000% during peak shopping periods.

Retail 115

Retail Scams Phishing Cyber threats 115

Approachable Cyber Threats

MARCH 12, 2025

Category Awareness, Social Enginering Risk Level Phishing emails are getting harder to detect. What is phishing, and why is it such a big deal?" Phishing is one of the oldest tricks in the hacker playbook - but its also one of the most effective. Alright, but cant I just spot and delete phishing emails?"

Phishing 52

Phishing Scams Social Engineering Artificial Intelligence 52

Malwarebytes

FEBRUARY 4, 2025

This warning comes from our 2025 State of Malware report, which compiled a years worth of intelligence to identify the most pressing cyberattacks on the horizon. You can find the full 2025 State of Malware report here. And if the model works for individuals, theres little reason it wouldnt work for individual business owners.

Artificial Intelligence 144

Artificial Intelligence Small Business Malware Technology 144

The Hacker News

SEPTEMBER 30, 2023

Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah.

Malware 138

Malware Phishing 138