The Hacker News

DECEMBER 2, 2024

Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs.

Social Engineering 143

Social Engineering Malware Mobile Engineering 143

Schneier on Security

DECEMBER 20, 2022

The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system: Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers.

Social Engineering 214

Social Engineering Engineering Software Government 214

SecureWorld News

FEBRUARY 15, 2024

The hackers rely heavily on social engineering tactics to distribute the malware. Android users were directed to fake app store pages to download infected apps. The malware has been active since 2023, specifically targeting victims in Vietnam and Thailand.

Social Engineering 80

Social Engineering Mobile Authentication Engineering 80

The Hacker News

APRIL 26, 2024

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors.

Software 144

Software Social Engineering Malware Engineering 144

Krebs on Security

MARCH 23, 2022

22, Microsoft said it interrupted the LAPSUS$ group’s source code download before it could finish, and that it was able to do so because LAPSUS$ publicly discussed their illicit access on their Telegram channel before the download could complete. In a blog post published Mar.

Social Engineering 327

Social Engineering Accountability Mobile Passwords 327

SecureList

DECEMBER 17, 2024

The link directed users to a phishing site offering to download Mamont for Android ( 12936056e8895e6a662731c798b27333 ). If the POST request returns a 200 code, the Trojan opens a window that supposedly downloads order details. Avoid downloading apps from anywhere but official sources.

Scams 72

Scams Malware Social Engineering Banking 72

Security Affairs

APRIL 15, 2024

Then they used the access to download a set of MFA SMS message logs belonging to customers’ Duo accounts. “More specifically, the threat actor downloaded message logs for SMS messages that were sent to certain users under your Duo account between March 1, 2024 and March 31, 2024. ” continues the notification.

Data breaches 143

Data breaches Social Engineering Engineering Authentication 143

The Hacker News

JULY 30, 2021

An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems.

Social Engineering 137

Social Engineering Ransomware Engineering Malware 137

Malwarebytes

DECEMBER 19, 2024

Social engineering is a core part of these schemes and the tricks we see are sometimes very clever. Such search queries have been a hot spot for criminals who want to lure victims that are looking to download programs onto their computer. Once the code runs, it will download a file from a remote domain ( topsportracing[.]com

Social Engineering 52

Social Engineering Engineering Malware Antivirus 52

Krebs on Security

APRIL 20, 2023

In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed. Microsoft Corp.

Malware 322

Malware Software Technology Accountability 322

Security Through Education

NOVEMBER 19, 2024

Social engineering scams frequently exploit our desire to help by using themes of sympathy and assistance to manipulate us. Sympathy and Assistance Themes in Vishing Simulations Now you might be wondering, do these social-engineering tactics actually work?

Social Engineering 52

Social Engineering Engineering Scams Cryptocurrency 52

Security Through Education

NOVEMBER 19, 2024

Social engineering scams frequently exploit our desire to help by using themes of sympathy and assistance to manipulate us. Sympathy and Assistance Themes in Vishing Simulations Now you might be wondering, do these social-engineering tactics actually work?

Social Engineering 52

Social Engineering Engineering Scams Cryptocurrency 52

Malwarebytes

APRIL 19, 2022

Victims are lured into downloading the malware with a variety of social engineering tactics, including spearphishing. TraderTraitor describes a series of malicious Electron applications that can download and execute malicious payloads, such as remote access trojans ( RAT ). Spearphishing campaigns. Mitigation.

Social Engineering 143

Social Engineering Cryptocurrency Computers and Electronics Engineering 143

eSecurity Planet

OCTOBER 3, 2022

PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording software installer have been backdoored to perform a wide range of social engineering campaigns that started in April 2022. The victims were tricked into downloading utilities to complete fake job assessments. Putty) and networking tools.

Software 125

Software Social Engineering Engineering Phishing 125

Penetration Testing

JULY 31, 2024

Microsoft OneDrive users are being targeted in a new and sophisticated phishing campaign that leverages social engineering to trick victims into executing malicious PowerShell scripts.

Phishing 62

Phishing Social Engineering Engineering Cybersecurity 62

Krebs on Security

JANUARY 30, 2024

2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. Twilio disclosed in Aug. Sosa also was active in a particularly destructive group of accomplished criminal SIM-swappers known as “ Star Fraud.”

Social Engineering 340

Social Engineering Mobile Passwords Cybercrime 340

Krebs on Security

MAY 14, 2024

“CVE-2024-30051 is used to gain initial access into a target environment and requires the use of social engineering tactics via email, social media or instant messaging to convince a target to open a specially crafted document file,” Narang said.

Social Engineering 256

Social Engineering Backups Malware Software 256

Digital Shadows

OCTOBER 25, 2024

During the investigation, we discovered a wider trend: a campaign of escalated social engineering tactics originally associated with the ransomware group “Black Basta.” During this call, they would attempt to convince the user to download an RMM tool and allow the attacker access to the user’s host. What Happened?

Social Engineering 52

Social Engineering Engineering Phishing Accountability 52

CSO Magazine

APRIL 12, 2022

These attacks use social engineering techniques to trick the email recipient into believing that the message is something they want or need—a request from their bank, for instance, or a note from someone in their company—and to click a link or download an attachment.

Phishing 120

Phishing Social Engineering Banking Engineering 120

The Last Watchdog

APRIL 28, 2020

That, of course, presents the perfect environment for cybercrime that pivots off social engineering. Social engineering invariably is the first step in cyber attacks ranging from phishing and ransomware to business email compromise ( BEC ) scams and advanced persistent threat ( APT ) hacks. Do you really need to do it?

Social Engineering 174

Social Engineering Cyber Attacks Scams Engineering 174

Malwarebytes

NOVEMBER 21, 2023

Back in September, we described how malicious ads were tricking victims into downloading this piece of malware under the disguise of a popular application. Because ClearFake has become one of the main social engineering campaigns recently, Mac users should pay particular attention to it.

Social Engineering 142

Social Engineering Engineering Passwords Malware 142

Security Affairs

AUGUST 25, 2024

Meet UULoader: An Emerging and Evasive Malicious Installer BlindEagle flying high in Latin America Finding Malware: Unveiling NUMOZYLOD with Google Security Operations New Backdoor Targeting Taiwan Employs Stealthy Communications Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove PG_MEM: A Malware Hidden in the Postgres (..)

Malware 127

Malware Social Engineering Ransomware Cybercrime 127

Security Boulevard

JULY 17, 2024

The FakeBat malware uses the drive-by download malware technique as a distribution to compromise targets. Understanding Drive-by […] The post Drive-by Download Attacks Become Distribution Medium For FakeBat Malware appeared first on TuxCare. In this article, we’ll learn more about the FakeBat malware and the threats it entails.

Malware 69

Malware Social Engineering Engineering Phishing 69

The Hacker News

MAY 4, 2023

Each of these APTs relied heavily on social engineering to trick people into clicking on malicious links, downloading malware or sharing personal information across the internet," Guy Rosen, chief information

Social Engineering 101

Social Engineering Media Engineering Internet 101

Security Affairs

AUGUST 2, 2021

Through the pre-established Wi-Fi network (kitty3), the attacker remotely connects to the TV and views and downloads the saved screen recording. The cleaner’s insider access takes care of the physical access challenge, while detachment to the organization makes the individual more susceptible to social engineering.

Social Engineering 142

Social Engineering Healthcare Engineering Hacking 142

CyberSecurity Insiders

OCTOBER 14, 2021

This gang of cybercriminals targets individuals within an organization with social engineering tactics designed to fool them into opening a document from a ZIP file attached to an email. Ransomware is then downloaded and the breach is underway. How do hackers use social engineering? OnePercent Group attacks.

Social Engineering 133

Social Engineering Ransomware Engineering Phishing 133

Malwarebytes

SEPTEMBER 11, 2023

The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. The message content aimed to social engineer the recipients into downloading and opening a malicious file hosted remotely.” Keep threats off your devices by downloading Malwarebytes today.

Malware 141

Malware Social Engineering Cryptocurrency Cybercrime 141

CyberSecurity Insiders

FEBRUARY 22, 2022

Trickbot Malware that started just as a banking malware has now emerged into a sophisticated data stealing tool capable of injecting malware like ransomware or serve as an Emotet downloader. Note- In September 2020, many of the hospitals and healthcare firms operating in United States were infected by RYUK ransomware.

Malware 122

Malware Social Engineering Banking Phishing 122

Malwarebytes

FEBRUARY 13, 2024

Only download apps and other software from trusted sources. General signs that a RAT is active on your system may be: A slow computer and seemingly slow internet connection. Unknown entries in the list of installed programs/software. Be careful about which sites you visit and which emails you open. Never open unsolicited email attachments.

Social Engineering 135

Social Engineering Internet Internet Malware 135

Malwarebytes

JULY 30, 2024

Not only does this trick innocent victims into downloading malware or losing their data to phishing sites, it also erodes trust in brands and by association in Google Search itself. Looking at the site’s source code, we can see the code responsible for downloading Authenticator.exe from GitHub.

Authentication 144

Authentication Computers and Electronics Social Engineering Malware 144

Malwarebytes

JANUARY 3, 2024

Typically, an app needs to be on a device before it can be installed, which normally means that a user has to download it first. To save time and disk space, Microsoft introduced the ability to install applications directly from a web server , without downloading it first. Social engineering. Teams messages.

Social Engineering 137

Social Engineering Ransomware Backups Malware 137

Security Affairs

JULY 30, 2024

Threat actors rely on social engineering tactics to trick users into executing a PowerShell script, which leads to their systems being compromised. “The command, as illustrated above, first runs ipconfig /flushdns, then creates a folder on the C: drive named “downloads.” exe”), and executes script.a3x using AutoIt3.exe.

Phishing 144

Phishing DNS Social Engineering Engineering 144

Security Affairs

JUNE 29, 2021

According to the RestorePrivacy website, the threat actor abused the official LinkedIn API to download the data. Data available for sale exposes 700+ million people at risk of cybercriminal activities, including identity theft, phishing and social engineering attacks, and account hijacking. ” reported RestorePrivacy.

Identity Theft 145

Identity Theft Social Engineering Media Hacking 145

SecureList

MAY 17, 2021

In this article we analyse the technical features of the Trojan’s components, giving a detailed overview of obfuscation techniques, the infection process and subsequent functions, as well as the social engineering tactics used by the cybercriminals to convince their victims to give away their personal online banking details.

Banking 145

Banking Social Engineering Malware Engineering 145

Malwarebytes

DECEMBER 15, 2023

During this past year, we have seen an increase in the use of malicious ads (malvertising) and specifically those via search engines, to drop malware targeting businesses. In fact, browser-based attacks overall have been a lot more common if we include social engineering campaigns. me as well as URL structure. net cxtensones[.]top

Social Engineering 143

Social Engineering Engineering Malware Marketing 143

Security Affairs

AUGUST 28, 2024

The group also relied on social engineering efforts in attacks against organizations in the higher education, satellite, and defense sectors through LinkedIn. This version downloads additional payloads from the C2 server, including a backdoor and a batch script to maintain persistence on the compromised system.

Malware 135

Malware Social Engineering Education Government 135

Security Affairs

SEPTEMBER 11, 2024

An attacker could exploit this vulnerability by hosting a malicious file on their server and tricking a user into downloading and opening it. An attacker could bypass Office macro policies by tricking an authenticated user into downloading and opening a specially crafted file from a website.

Social Engineering 136

Social Engineering IoT Engineering Authentication 136