Security Affairs

MARCH 24, 2025

Initially, the group published screenshots of stolen data as proof of the attack, now the whole archive can be downloaded from the leak page. The group said that the waiting period had expired and claimed the theft of 134GB of sensitive data. ” reads a report published by Halcyon.

Ransomware 100

Ransomware Hacking Social Engineering VPN 100

Malwarebytes

DECEMBER 19, 2024

Social engineering is a core part of these schemes and the tricks we see are sometimes very clever. Such search queries have been a hot spot for criminals who want to lure victims that are looking to download programs onto their computer. Once the code runs, it will download a file from a remote domain ( topsportracing[.]com

Social Engineering 98

Social Engineering Engineering Malware Antivirus 98

SecureWorld News

FEBRUARY 15, 2024

The hackers rely heavily on social engineering tactics to distribute the malware. Android users were directed to fake app store pages to download infected apps. The malware has been active since 2023, specifically targeting victims in Vietnam and Thailand.

Social Engineering 103

Social Engineering Mobile Authentication Engineering 103

The Last Watchdog

JANUARY 30, 2025

Using a very clever social engineering attack that exploits trusted domains, the adversary can then further escalate the profile hijacking attack to steal passwords from the victims browser. Browser takeover To achieve a full browser takeover, the attacker essentially needs to convert the victims Chrome browser into a managed browser.

Social Engineering 130

Social Engineering Engineering Authentication Media 130

Schneier on Security

DECEMBER 20, 2022

The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system: Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers.

Social Engineering 239

Social Engineering Engineering Software Government 239

Security Affairs

OCTOBER 29, 2024

The threat actors use the Civil Defense website to distribute multiple software programs that, once installed, download different malware families. The site provides a downloader called Pronsis Loader to Windows users, this malware starts an attack chain, ultimately installing SUNSPINNER and the PURESTEALER information stealer.

Malware 118

Malware Social Engineering Software Mobile 118

Security Affairs

NOVEMBER 15, 2024

Threat actors relies on social engineering tactics like ClickFix and FakeCaptcha to trick users into executing malicious scripts via PowerShell or Run prompts. To extract cookies from Chromium-based browsers, it downloads a module from the C&C to bypass App-Bound encryption. ” reads the report published by Gen Digital.

Encryption 115

Encryption Password Management Cryptocurrency Social Engineering 115

Malwarebytes

JANUARY 13, 2025

A smishing (SMS phishing) campaign is targeting iMessage users, attempting to socially engineer them into bypassing Apple’s built in phishing protection. Keep threats off your devices by downloading Malwarebytes today. And, now, the campign is gaining traction, according to our friends at BleepingComputer.

Phishing 131

Phishing Social Engineering Scams Mobile 131

Security Boulevard

APRIL 3, 2025

is the shady entity behind a clutch of free VPN appswith over a million downloads. Bad Apple: Chinese firm banned by the U.S. The post App Stores OKed VPNs Run by China PLA appeared first on Security Boulevard.

VPN 121

VPN Social Engineering Data privacy Engineering 121

Malwarebytes

MARCH 10, 2025

I realize that may sound like something trivial to steer clear from, but apparently its not because the social engineering behind it is pretty sophisticated. What the files are in reality is an encoded Powershell command which will run invisibly and download the actual payload.

Social Engineering 139

Social Engineering Media Scams Malware 139

eSecurity Planet

OCTOBER 22, 2024

Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues. The hallmark of ClickFix campaigns is their clever use of social engineering. Types of Malware Delivered The ClickFix campaigns are not just a nuisance; they can lead to severe security breaches.

Scams 124

Scams Malware Phishing Social Engineering 124

The Hacker News

APRIL 26, 2024

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors.

Software 141

Software Social Engineering Malware Engineering 141

SecureWorld News

DECEMBER 17, 2024

This operation, which blends social engineering and technical exploitation, has resulted in the theft of more than 390,000 WordPress credentials. By downloading and running this code, victims essentially infected themselves." Simultaneously, a phishing campaign tricked targets into installing a fake kernel update.

Phishing 109

Phishing Threat Detection Social Engineering Cybercrime 109

Malwarebytes

JANUARY 31, 2025

This is in contrast to typical phishing pages where victims download a so-called installer that contains malware. Overview Web traffic view Delivery #1: PowerShell code via “ClickFix” Malicious ad and social engineering Threat actors created a Google ad for the popular utility application Notion. com/in.php?action=1

Social Engineering 81

Social Engineering Engineering Malware Phishing 81

The Hacker News

DECEMBER 2, 2024

Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs.

Social Engineering 135

Social Engineering Malware Mobile Engineering 135

Security Affairs

MARCH 10, 2025

Using this social engineering trick, threats like stealers, RATs, Trojans, and crypto miners can persist undetected. com to distribute an infected archive, which had over 40,000 downloads. Common malware families include NJRat , XWorm, Phemedrone , and DCRat. Attackers used the malicious site gitrok[.]com

Cryptocurrency 90

Cryptocurrency Malware Social Engineering Antivirus 90

Security Affairs

JANUARY 22, 2025

It extracts Python backdoors from ZIP files downloaded via remote SharePoint links and employs techniques associated with the FIN7 threat actor. Once access was established, the attacker used a web browser to download a malicious payload, which was split into parts, reassembled, and unpacked to deploy malware.

Ransomware 98

Ransomware Malware Social Engineering Engineering 98

Hacker's King

DECEMBER 26, 2024

Steps to Enable Biometric App Locks: Download a secure app locker that integrates with your phones biometric features. Educate Yourself on Social Engineering Tactics Hacking isnt always about code; social engineeringmanipulating users into sharing sensitive informationis one of the most effective tools for cybercriminals.

Accountability 52

Accountability Hacking Social Engineering Passwords 52

Security Affairs

APRIL 15, 2024

Then they used the access to download a set of MFA SMS message logs belonging to customers’ Duo accounts. “More specifically, the threat actor downloaded message logs for SMS messages that were sent to certain users under your Duo account between March 1, 2024 and March 31, 2024. ” continues the notification.

Data breaches 139

Data breaches Social Engineering Engineering Authentication 139

Krebs on Security

APRIL 20, 2023

In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed. Microsoft Corp.

Malware 334

Malware Software Technology Accountability 334

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals disguise messages as urgent notifications from banks, government agencies, or corporate IT teams, tricking users into providing credentials or downloading malware. Mishing is a phishing attack that uses SMS messages instead of emails to deceive victims into revealing sensitive information or clicking malicious links.

Phishing 88

Phishing Mobile Social Engineering Data breaches 88

Krebs on Security

MAY 14, 2024

“CVE-2024-30051 is used to gain initial access into a target environment and requires the use of social engineering tactics via email, social media or instant messaging to convince a target to open a specially crafted document file,” Narang said.

Social Engineering 284

Social Engineering Backups Malware Software 284

eSecurity Planet

OCTOBER 3, 2022

PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording software installer have been backdoored to perform a wide range of social engineering campaigns that started in April 2022. The victims were tricked into downloading utilities to complete fake job assessments. Putty) and networking tools.

Software 129

Software Social Engineering Engineering Phishing 129

SecureList

MARCH 25, 2025

The attackers employed social engineering techniques to trick victims into sharing their financial data or making a payment on a fake page. Distribution of financial phishing pages by category, 2024 ( download ) Online shopping scams The most popular online brand target for fraudsters was Amazon (33.19%). on the previous year.

Phishing 74

Phishing Banking Scams Mobile 74

Malwarebytes

MARCH 19, 2025

Additional social engineering techniques Phishing emails and messages : Scammers send convincing emails or text messages that appear to be from legitimate government agencies or financial institutions, urging users to click on malicious links or provide personal information. gov domains).

Scams 89

Scams Government Identity Theft Social Engineering 89

Security Boulevard

JANUARY 20, 2025

Successful exploitation requires social engineering users into manipulating a specially crafted file. These video guides function as the initial lure; they then share links to fake downloaders for the cracked software, which actually drop information stealers onto the device. These probably don't affect most users reading this.

Surveillance 97

Surveillance Malware Data breaches Scams 97

Malwarebytes

APRIL 19, 2022

Victims are lured into downloading the malware with a variety of social engineering tactics, including spearphishing. TraderTraitor describes a series of malicious Electron applications that can download and execute malicious payloads, such as remote access trojans ( RAT ). Spearphishing campaigns. Mitigation.

Cryptocurrency 134

Cryptocurrency Social Engineering Computers and Electronics Engineering 134

eSecurity Planet

MARCH 14, 2025

Using an insidious social engineering method called ClickFix, attackers manipulate users into unwittingly executing malicious commands, leading to extensive data theft and financial fraud. The anatomy of the attack The campaign employs a multi-layered approach, starting with deceptive emails that appear to originate from Booking.com.

Phishing 65

Phishing Malware Social Engineering Authentication 65

Krebs on Security

JANUARY 30, 2024

2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. Twilio disclosed in Aug. Sosa also was active in a particularly destructive group of accomplished criminal SIM-swappers known as “ Star Fraud.”

Social Engineering 359

Social Engineering Mobile Passwords Cybercrime 359

SecureList

FEBRUARY 20, 2025

User Execution and Phishing techniques ranked again in the top three threats, with nearly 5% of high-severity incidents involving successful social engineering. To explore these and other trends in detail, download full report (PDF).

Social Engineering 101

Social Engineering Phishing Government Threat Detection 101

CSO Magazine

APRIL 12, 2022

These attacks use social engineering techniques to trick the email recipient into believing that the message is something they want or need—a request from their bank, for instance, or a note from someone in their company—and to click a link or download an attachment.

Phishing 120

Phishing Social Engineering Banking Engineering 120

The Last Watchdog

APRIL 28, 2020

That, of course, presents the perfect environment for cybercrime that pivots off social engineering. Social engineering invariably is the first step in cyber attacks ranging from phishing and ransomware to business email compromise ( BEC ) scams and advanced persistent threat ( APT ) hacks. Do you really need to do it?

Social Engineering 174

Social Engineering Cyber Attacks Scams Engineering 174

Malwarebytes

FEBRUARY 4, 2025

With all the details a phisher can find in a resume they can make their social engineering attempts very convincing. And if the job application was recent enough, a phisher could probably trick the victim into downloading malware under the guise of engaging in the hiring process.

Identity Theft 69

Identity Theft Social Engineering Education Banking 69

Webroot

JUNE 2, 2022

Phishing and social engineering. Gaming is now an online social activity. This gives scammers lots of opportunities to approach unwary gamers and try to trick them into downloading malware, giving up personal details, or handing over login credentials. As such, downloading a pirated game simply isn’t worth the risk.

Cyber threats 127

Cyber threats Social Engineering Accountability Malware 127

The Hacker News

MAY 4, 2023

Each of these APTs relied heavily on social engineering to trick people into clicking on malicious links, downloading malware or sharing personal information across the internet," Guy Rosen, chief information

Social Engineering 99

Social Engineering Media Engineering Internet 99

CyberSecurity Insiders

FEBRUARY 22, 2022

Trickbot Malware that started just as a banking malware has now emerged into a sophisticated data stealing tool capable of injecting malware like ransomware or serve as an Emotet downloader. Note- In September 2020, many of the hospitals and healthcare firms operating in United States were infected by RYUK ransomware.

Malware 122

Malware Social Engineering Banking Phishing 122

Security Affairs

AUGUST 2, 2021

Through the pre-established Wi-Fi network (kitty3), the attacker remotely connects to the TV and views and downloads the saved screen recording. The cleaner’s insider access takes care of the physical access challenge, while detachment to the organization makes the individual more susceptible to social engineering.

Social Engineering 137

Social Engineering Healthcare Engineering Hacking 137