Hacking, Malware and Phishing - Cyber Security Informer

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. million in an elaborate voice phishing attack. The phishing domain used to steal roughly $4.7 Image: Shutterstock, iHaMoo. “ Annie.”

Phishing

Phishing Cryptocurrency Accountability Social Engineering

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based dot-gov emails get hacked.

Hacking

Hacking Accountability Government Social Engineering

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. A fake browser update page pushing mobile malware. Image: Intrinsec.

Malware

Malware Antivirus Software DDOS

ClickFix: How to Infect Your PC in Three Easy Steps

Krebs on Security

MARCH 14, 2025

A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. This particular scam usually starts with a website popup that looks something like this: This malware attack pretends to be a CAPTCHA intended to separate humans from bots. Source: Sekoia.

Phishing

Phishing Malware Scams Passwords

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. KrebsOnSecurity last week heard from a reader whose close friend received a targeted phishing message within the Booking mobile app just minutes after making a reservation at a California.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware.

DNS

DNS Malware Firmware Authentication

2020 Oscar Nominees Used to Spread Malware

Adam Levin

FEBRUARY 7, 2020

Online scammers are using the 2020 Oscars to spread malware. A recent study released by Kaspersky Labs uncovered several hacking and phishing campaigns promising their targets free and early access to Best Picture nominees for this year’s Academy Awards.

Malware

Malware Adware Phishing Hacking

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

Security Affairs

OCTOBER 20, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware Ransomware Encryption Phishing

New version of Android malware FakeCall redirects bank calls to scammers

Security Affairs

OCTOBER 30, 2024

The latest FakeCall malware version for Android intercepts outgoing bank calls, redirecting them to attackers to steal sensitive info and bank funds. Zimperium researchers spotted a new version of the FakeCall malware for Android that hijacks outgoing victims’ calls and redirects them to the attacker’s phone number.

Banking

Banking Malware Accountability Phishing

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking

Hacking Social Engineering Phishing Scams

Esperts found new DoNot Team APT group’s Android malware

Security Affairs

JANUARY 20, 2025

Researchers linked the threat actor DoNot Teamto a new Android malware that was employed in highly targeted cyber attacks. CYFIRMA researchers linked a recently discovered Android malware to the Indian APT group known as DoNot Team. In this case, the group is leveraging OneSignal to deliver phishing links through notifications.

Malware

Malware Cyber Attacks Mobile Phishing

Morphing Meerkat phishing kits exploit DNS MX records

Security Affairs

MARCH 31, 2025

Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Threat actors are exploiting DNS techniques to enhance phishing attacks, using MX records to dynamically serve spoofed login pages. “We discovered cyber campaigns that used the phishing kits as early as January 2020.

DNS

DNS Phishing Banking Passwords

Sendgrid Under Siege from Hacked Accounts

Krebs on Security

AUGUST 28, 2020

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks.

Accountability

Accountability Hacking Authentication Marketing

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing

Phishing Cybercrime Malware Advertising

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. QakBot is most commonly delivered via email phishing lures disguised as something legitimate and time-sensitive, such as invoices or work orders.

Hacking

Hacking Malware Ransomware Government

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems. It didn’t dawn on Doug until days later that the missed meeting with Mr. Lee might have been a malware attack. ” Image: SlowMist.

Malware

Malware Cryptocurrency Software Phishing

Malware in Google Apps

Schneier on Security

MAY 5, 2020

Interesting story of malware hidden in Google Apps. This particular campaign is tied to the government of Vietnam. In this case, the attackers used Google Play as a trusted source," says Kaspersky researcher Alexey Firsh.

Malware

Malware Spyware Phishing Government

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Part two of a four-part series The explosion of AI-driven phishing, insider threats, and business logic abuse has forced a shift toward more proactive, AI-enhanced defenses. Meanwhile, while business logic hacks, supply chain holes, and cyber extortion continue to loom large. Attackers arent hacking in theyre logging in.

Cyber threats

Cyber threats CISO IoT Phishing

Cloak ransomware group hacked the Virginia Attorney General’s Office

Security Affairs

MARCH 24, 2025

“Cloaks attack strategy involves acquiring network access through Initial Access Brokers (IABs) or social engineering methods such as phishing, malvertising, exploit kits, and drive-by downloads disguised as legitimate updates like Microsoft Windows installers.” .” reads a report published by Halcyon.

Ransomware

Ransomware Hacking Social Engineering VPN

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing

Phishing Passwords Internet Internet

This Simple Hack Could Tank Your Business

Adam Levin

JULY 24, 2020

Barely a day goes by without news of an elite hacking team creating a more stealth exploit– malware , elaborate spear-phishing attacks, trojans, and a killer array of ransomware that can take factories and other organizations offline, or even hobble entire cities. Cyberattacks are constantly getting more sophisticated.

Hacking

Hacking Phishing Risk Accountability

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OCTOBER 11, 2024

Rather than using advanced hacking techniques, they exploited systems with default credentials to compromise target networks. The group used the chatbot to receive support in Android malware development and to create a scraper for the social media platform Instagram. The malware targeted Android and was relatively rudimentary.

Malware

Malware Social Engineering Engineering Hacking

GUEST ESSAY: Introducing ‘killware’ — malware designed to contaminate, disrupt critical services

The Last Watchdog

DECEMBER 20, 2021

Killware is a type of malware deployed to cause physical harm: contaminate community water supplies, exploit and obstruct networks used by hospitals and healthcare facilities, jam air traffic control networks, contaminate gasoline supplies, and, in some instances, deliberately cause death where and when it is least expected.

Malware

Malware Phishing Technology Ransomware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 39

Security Affairs

MARCH 30, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Microsoft Trusted Signing service abused to code-sign malware Shedding light on the ABYSSWORKER driver VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware New Android Malware Campaigns Evading (..)

Malware

Malware Ransomware Threat Detection Mobile

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Security Affairs

JANUARY 10, 2025

CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. ” The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website.”

Phishing

Phishing Scams Malware Authentication

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 3, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cryptocurrency

Cryptocurrency Hacking Phishing Cyber Attacks

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? Some of those hacked accounts already had hundreds of other legitimate ads running, and one of them was for a popular Taiwanese electronics company.

Advertising

Advertising Accountability Phishing Scams

Bybit Hack: $1.46 Billion Crypto Heist Points to North Korea's Lazarus Group

SecureWorld News

FEBRUARY 26, 2025

Dubai-based exchange Bybit was targeted in a malware-driven attack that resulted in the theft of approximately $1.46 The Bybit theft resulted from malware-driven manipulation of cold wallet transactions, exploiting multi-signature vulnerabilities," Soroko said. billion in crypto assets.

Hacking

Hacking Cryptocurrency Cyber threats Malware

Phishing campaigns target SMBs in Poland, Romania, and Italy with multiple malware families

Security Affairs

JULY 31, 2024

Phishing campaigns target small and medium-sized businesses (SMBs) in Poland to deliver malware families such as Agent Tesla, Formbook, and Remcos RAT. ESET researchers observed multiple phishing campaigns targeting SMBs in Poland in May 2024, distributing various malware families like Agent Tesla , Formbook , and Remcos RAT.

Phishing

Phishing Malware Accountability Hacking

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 28

Security Affairs

JANUARY 12, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware Scams Phishing Encryption

A generative artificial intelligence malware used in phishing attacks

Security Affairs

SEPTEMBER 24, 2024

HP researchers detected a dropper that was generated by generative artificial intelligence services and used to deliver AsyncRAT malware. While investigating a malicious email, HP researchers discovered a malware generated by generative artificial intelligence services and used to deliver the AsyncRAT malware.

Artificial Intelligence

Artificial Intelligence Malware Phishing Encryption

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures.

Malware

Malware Advertising Antivirus Cybercrime

Crooks are reviving the Grandoreiro banking trojan

Security Affairs

MARCH 28, 2025

Grandoreiro Banking Trojan resurfaces, targeting users in Latin America and Europe in new phishing campaigns. Forcepoint X-Labs researchers warn of new phishing campaigns targeting Latin America and Europe in new phishing campaigns. The malware uses a custom URI Client and unusual port numbers to communicate with the server.

Banking

Banking Phishing Malware Passwords

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 23

Security Affairs

DECEMBER 8, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware Spyware Phishing Hacking

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

FEBRUARY 3, 2022

The trouble is, there’s little to stop criminals from leveraging newly registered or hacked LinkedIn business accounts to create their own ad campaigns using Slinks. This search via Urlscan reveals dozens of recent phishing attacks that have leveraged the Slinks feature. Urlscan also found this phishing scam from Jan.

Phishing

Phishing Marketing Scams Accountability

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.

Encryption

Encryption Password Management Cryptocurrency Social Engineering

Canadian Man Arrested in Snowflake Data Extortions

Krebs on Security

NOVEMBER 5, 2024

Bloomberg first reported Moucka’s alleged ties to the Snowflake hacks on Monday. On May 2, 2024, Judische claimed on the fraud-focused Telegram channel Star Chat that they had hacked Santander Bank , one of the first known Snowflake victims. Image: [link] On October 30, Canadian authorities arrested Alexander Moucka, a.k.a.

Cybercrime

Cybercrime Mobile Media Hacking

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. The backdoor is distributed through: Phishing emails with themes such as code of conduct to trick users into downloading the malware.

Malware

Malware Encryption Phishing Hacking

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Security Affairs

FEBRUARY 2, 2025

A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza and Manipulators Team) known for selling hacking and fraud tools. The HeartSender group has sold phishing tools to criminals since 2020, causing over $3 million in U.S.

Cybercrime

Cybercrime Advertising Phishing Hacking

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

Security Affairs

FEBRUARY 4, 2025

Threat actors target Brazilian users by stealing financial data, the malware can harvest sensitive information from over 70 financial applications and numerous websites. The Coyote Banking Trojan supports multiple malicious functions, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials.

Banking

Banking Malware Antivirus Cyber threats

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Security Affairs

MARCH 21, 2025

Representatives of the Security Service of Ukraine and the General Staff of the Armed Forces of Ukraine warned that Russia-linked threat actors are actively using Telegram for cyberattacks, spreading phishing and malware, geolocating users, adjusting missile strikes, etc. continues the announcement.

Government

Government Surveillance Mobile Hacking

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Image: Proofpoint.

Accountability

Accountability Advertising Passwords Phishing

North Korea-linked APT Emerald Sleet is using a new tactic

Security Affairs

FEBRUARY 12, 2025

The threat actor impersonates a South Korean government official to build trust with the target before sending a spear-phishing email with a bait PDF attachment. The IT giant recommends training users about phishing and employing attack surface reduction rules. LNK shortcut files, disguised as Office documents.

Phishing

Phishing Malware Security Intelligence Hacking

Instagram Hacked: Steps to Prevent Data Breaches

Hacker's King

DECEMBER 28, 2024

Data breaches and account hacks are a growing concern for users, especially with the personal and professional information shared on the platform. If youre worried about your Instagram account being hacked , it's essential to take proactive steps to protect your data. Revoke access to any app you no longer use or trust.

Data breaches

Data breaches Hacking Passwords Accountability

A Day in the Life of a Prolific Voice Phishing Crew

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Trending Sources

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

ClickFix: How to Infect Your PC in Three Easy Steps

Booking.com Phishers May Leave You With Reservations

MikroTik botnet relies on DNS misconfiguration to spread malware

2020 Oscar Nominees Used to Spread Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

New version of Android malware FakeCall redirects bank calls to scammers

When Low-Tech Hacks Cause High-Impact Breaches

Esperts found new DoNot Team APT group’s Android malware

Morphing Meerkat phishing kits exploit DNS MX records

Sendgrid Under Siege from Hacked Accounts

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Calendar Meeting Links Used to Spread Mac Malware

Malware in Google Apps

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

Cloak ransomware group hacked the Virginia Attorney General’s Office

Karma Catches Up to Global Phishing Service 16Shop

This Simple Hack Could Tank Your Business

Iran and China-linked actors used ChatGPT for preparing attacks

GUEST ESSAY: Introducing ‘killware’ — malware designed to contaminate, disrupt critical services

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 39

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Bybit Hack: $1.46 Billion Crypto Heist Points to North Korea's Lazarus Group

Phishing campaigns target SMBs in Poland, Romania, and Italy with multiple malware families

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 28

A generative artificial intelligence malware used in phishing attacks

Banshee macOS stealer supports new evasion mechanisms

Crooks are reviving the Grandoreiro banking trojan

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 23

How Phishers Are Slinking Their Links Into LinkedIn

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Canadian Man Arrested in Snowflake Data Extortions

PLAYFULGHOST backdoor supports multiple information stealing features

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Malicious Office 365 Apps Are the Ultimate Insiders

North Korea-linked APT Emerald Sleet is using a new tactic

Instagram Hacked: Steps to Prevent Data Breaches

Stay Connected