Malware, Media and Social Engineering - Cyber Security Informer

Hiding Malware in Social Media Buttons

Schneier on Security

DECEMBER 7, 2020

Clever tactic : This new malware was discovered by researchers at Dutch cyber-security company Sansec that focuses on defending e-commerce websites from digital skimming (also known as Magecart) attacks. facebook_full, twitter_full, instagram_full, youtube_full, pinterest_full, and google_full).

Media

Media Malware Social Engineering Engineering

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

“This is social engineering at the highest level and there will be failed attempts at times. A review of EDR vendors across many cybercrime forums shows that some fake EDR vendors sell the ability to send phony police requests to specific social media platforms, including forged court-approved documents.

Hacking

Hacking Accountability Government Social Engineering

Hackers Exploit Zoom's Remote Control Feature in Cryptocurrency Heists

SecureWorld News

APRIL 22, 2025

Attack methodology: a step-by-step breakdown The Elusive Comet campaign begins with cybercriminals impersonating venture capitalists, media representatives, or business partners to lure cryptocurrency professionals into Zoom meetings.

Cryptocurrency

Cryptocurrency Social Engineering Cybercrime Engineering

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Crazy Evil gang runs over 10 highly specialized social media scams

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency.

Scams

Scams Media Cryptocurrency Cybercrime

What are Common Types of Social Engineering Attacks?

eSecurity Planet

JULY 29, 2021

Social engineering is a common technique that cybercriminals use to lure their victims into a false sense of security. As social engineering tactics become more advanced, it’s important to know how to identify them in the context of cybersecurity. Social engineering in cybersecurity attacks.

Social Engineering

Social Engineering Engineering Phishing DNS

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OCTOBER 11, 2024

The group used the chatbot to receive support in Android malware development and to create a scraper for the social media platform Instagram. “This actor used our models to debug malware, for coding assistance in creating a basic scraper for Instagram, and to translate LinkedIn profiles into Persian.

Malware

Malware Social Engineering Engineering Hacking

The Impact of AI on Social Engineering Cyber Attacks

SecureWorld News

NOVEMBER 8, 2023

Social engineering attacks have long been a threat to businesses worldwide, statistically comprising roughly 98% of cyberattacks worldwide. Given the much more psychologically focused and methodical ways that social engineering attacks can be conducted, it makes spotting them hard to do.

Social Engineering

Social Engineering Engineering Cyber Attacks Artificial Intelligence

What Are Social Engineering Scams?

Identity IQ

JUNE 20, 2023

What Are Social Engineering Scams? Thanks, Your CEO This common scenario is just one example of the many ways scammers may attempt to trick you through social engineering scams. Read on to learn how to recognize social engineering attacks, their consequences, and tactics to avoid falling for them.

Social Engineering

Social Engineering Scams Engineering Identity Theft

Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks

The Hacker News

JUNE 7, 2023

The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware.

Social Engineering

Social Engineering Engineering Media Malware

15 SpyLoan Android apps found on Google Play had over 8 million installs

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. Some of the malicious apps were promoted through deceptive advertising on social media.

Social Engineering

Social Engineering Media Mobile Scams

Hackers Hide Software Skimmer in Social Media Sharing Icons

Security Affairs

DECEMBER 4, 2020

Security researchers have uncovered a new technique to inject a software skimmer onto checkout pages, the malware hides in social media buttons. Sansec researchers were the first that discovered the new malware. Samples taken by Sansec revealed payment skimming as the true purpose of the malware injections.”

Media

Media Software Malware Social Engineering

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking

Hacking Social Engineering Phishing Scams

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

Guidebooks are also available to instruct on how to exploit the information obtained, in order to more effectively target victims through social engineering and doxxing campaigns. The lack of a robust verification process, combined with the trust placed in authorities, increases the risk to users’ digital security and privacy.

Cybercrime

Cybercrime Social Engineering Accountability Government

New AI “agents” could hold people for ransom in 2025

Malwarebytes

FEBRUARY 4, 2025

These agents could even hold people for ransom by matching stolen data online with publicly known email addresses or social media accounts, composing messages and holding entire conversations with victims who believe a human hacker out there has access to their Social Security Number, physical address, credit card info, and more.

Artificial Intelligence

Artificial Intelligence Small Business Malware Technology

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

Common attacks to consumer protection Identity theft and fraud Some common types of identity theft and fraud include account takeover fraud , when criminals use stolen personal information such as account numbers, usernames, or passwords to hijack bank accounts, credit cards, and even email and social media accounts.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

Social Engineering 2.0: The Rise of Deepfake Phishing

SecureWorld News

OCTOBER 3, 2023

And one of the most successful and increasingly prevalent ways of attack has come from social engineering, which is when criminals manipulate humans directly to gain access to confidential information. Social engineering is more sophisticated than ever, and its most advanced iteration is the topic of today's discussion: deepfakes.

Social Engineering

Social Engineering Phishing Engineering Technology

News alert: SquareX discloses ‘Browser Syncjacking’ – a new attack to hijack browser

The Last Watchdog

JANUARY 30, 2025

Using a very clever social engineering attack that exploits trusted domains, the adversary can then further escalate the profile hijacking attack to steal passwords from the victims browser.

Social Engineering

Social Engineering Engineering Authentication Media

Fake CAPTCHA websites hijack your clipboard to install information stealers

Malwarebytes

MARCH 10, 2025

I realize that may sound like something trivial to steer clear from, but apparently its not because the social engineering behind it is pretty sophisticated. But mshta will fetch the malicious media file from the specified domain and run it. The name of the media file may look perfectly fine.

Social Engineering

Social Engineering Media Scams Malware

The Original APT: Advanced Persistent Teenagers

Krebs on Security

APRIL 6, 2022

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. In fact, the group often announces its hacks on social media.

Social Engineering

Social Engineering Phishing Engineering Accountability

GUEST ESSAY: How the ‘Scattered Spiders’ youthful ring defeated MFA to plunder Vegas

The Last Watchdog

NOVEMBER 19, 2023

Using routine social engineering strategies, the cyber-thieves gathered information about key employees. Professional networking and social media platforms continue to prove a rich landscape for phone numbers, locations, hobbies, dates of birth, family members, and friendships.

Social Engineering

Social Engineering Passwords Authentication Marketing

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware

Malware Software Technology Accountability

April’s Patch Tuesday Brings Record Number of Fixes

Krebs on Security

APRIL 9, 2024

Only three of April’s vulnerabilities earned Microsoft’s most-dire “critical” rating, meaning they can be abused by malware or malcontents to take remote control over unpatched systems with no help from users. “I would treat this as in the wild until Microsoft clarifies,” Childs said.

DNS

DNS Social Engineering Malware Media

North Korea-linked campaign targets security experts via social media

Security Affairs

JANUARY 26, 2021

Google TAG is warning that North Korea-linked hackers targeting security researchers through social media. Google Threat Analysis Group (TAG) is warning that North Korea-linked hackers targeting security researchers through social media. ” reads the TAG’s report. ” continues the post. Pierluigi Paganini.

Media

Media Social Engineering Accountability Engineering

Hackers Set Up a Fake Cybersecurity Firm to Target Security Experts

The Hacker News

APRIL 1, 2021

A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack.

Social Engineering

Social Engineering Cybersecurity Media Engineering

How Security Teams Collect the Data They Need for Threat Intelligence

SecureWorld News

APRIL 14, 2025

With these insights, security personnel know which attack vectors to watch more closely, how to orchestrate the defenses, and what new phishing and social engineering trends to warn employees about. They amass data from websites, social media networks, news sources, public databases, and domain registries.

Media

Media Social Engineering Malware Financial Services

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

SecureList

JANUARY 18, 2023

The threat landscape is constantly updated through new malware and spyware, advanced phishing methods, and new social engineering techniques. The media routinely report incidents and leaks of data that end up publicly accessible on the dark web. Kaspersky detects an average of 400,000 malicious files every day.

Media

Media Social Engineering Ransomware Hacking

Patch Tuesday, May 2024 Edition

Krebs on Security

MAY 14, 2024

“CVE-2024-30051 is used to gain initial access into a target environment and requires the use of social engineering tactics via email, social media or instant messaging to convince a target to open a specially crafted document file,” Narang said. Emerging in 2007 as a banking trojan, QakBot (a.k.a.

Social Engineering

Social Engineering Backups Malware Software

Facebook Meta uncovers Social Media Espionage

CyberSecurity Insiders

MAY 4, 2023

Meta, the parent company of Facebook, has uncovered a new social media espionage campaign in which cyber criminals launch social engineering attacks on Facebook and Instagram users by asking them to click on malevolent links, download malware, or share personal details.

Media

Media Social Engineering Engineering Accountability

Facebook Accounts Hijacked by FlyTrap Malware

Heimadal Security

AUGUST 10, 2021

The malware, dubbed as FlyTrap works by stealing session cookies. FlyTrap works based on a few simple social engineering tactics used to trick victims into using their Facebook credentials to log into malicious apps that are able to collect the data associated with the social media session.

Accountability

Accountability Malware Social Engineering Media

Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users

The Hacker News

NOVEMBER 20, 2023

Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data.

Social Engineering

Social Engineering Banking Government Mobile

Criminals socially engineer their way to bank details with fake arrest warrants

Malwarebytes

AUGUST 22, 2022

Even with the application deleted, we had to assume that the device remained infected with malware. And while the IRBM and law enforcement have social media presence and do inform their followers of scams, it's not enough. "[T]he "Unfortunately, in this instance, uninstalling the app is not sufficient," Mustaffa said.

Social Engineering

Social Engineering Engineering Banking Scams

Fake Job Proposals Used to Deploy Malware – Security Researchers Targeted

Heimadal Security

MARCH 13, 2023

North Korean based threat actors are believed to be actively seeking security researchers and media outlets with fake job proposals aimed at U.S. Three different families of malware are deployed into the target’s environment, and social engineering techniques are used to convince their targets to engage in a WhatsApp conversation.

Malware

Malware Social Engineering Media Engineering

Meta Uncovers Massive Social Media Cyber Espionage Operations Across South Asia

The Hacker News

MAY 4, 2023

Each of these APTs relied heavily on social engineering to trick people into clicking on malicious links, downloading malware or sharing personal information across the internet," Guy Rosen, chief information

Social Engineering

Social Engineering Media Engineering Internet

News Alert: Perception Point reports rates of ‘BEC,’ phishing attacks climb in the first half of 2023

The Last Watchdog

JULY 27, 2023

In its H1 2023 Report: Cybersecurity Trends & Insights , Perception Point reported an overall increase in social engineering attacks, including a 20% growth in the prevalence of Business Email Compromise (BEC) attacks along with a 41% surge in phishing attacks from H2 2022 to H1 2023.

Phishing

Phishing Social Engineering Engineering Media

Financial cyberthreats in 2024

SecureList

MARCH 25, 2025

Note that for mobile banking malware, we retrospectively revised the 2023 numbers to provide more accurate statistics. We also changed the methodology for PC banking malware by removing obsolete families that no longer use Trojan banker functionality, hence the sharp drop in numbers against 2023. million detections compared to 5.84

Phishing

Phishing Banking Scams Mobile

Romantic Lawsuit for Two? Don't Let Cybercriminals Scam You this Valentine's Day

SecureWorld News

FEBRUARY 14, 2025

And 2025 will be no different, as increasingly sophisticated online hackers seek to take advantage of Valentine's themed email traffic, social media advertisements, or marketing campaigns, and exploit heightened emotions and a desire to connect. Last year saw a 110% rise in cybercrime in the lead up to Valentine's Day.

Scams

Scams Cybercrime Social Engineering Phishing

Video game cheat mod malware demonstrates risks of unlicensed software

SC Magazine

APRIL 1, 2021

The attackers used a new cryptor to obfuscate the malware code they hid in seemingly legitimate files and evade detection from antivirus software. Secondly, it replaces much of the legwork that goes into a hacking operation with a simple and straightforward social engineering approach.

Software

Software Malware Risk Antivirus

Valley News Live exposed more than a million job seeker’s resumes

Malwarebytes

FEBRUARY 4, 2025

The leaked data included: Full names Phone numbers Email addresses Home addresses Dates of birth Nationality and places of birth Social media links Employment history Educational background As you can imagine, these resumes represent a treasure trove for phishers and other cybercriminals. What do I need to do?

Identity Theft

Identity Theft Social Engineering Education Banking

No need to RSVP: a closer look at the Tria stealer campaign

SecureList

JANUARY 30, 2025

Introduction Since mid-2024, we’ve observed a malicious Android campaign leveraging wedding invitations as a lure to social-engineer victims into installing a malicious Android app (APK), which we have named “Tria Stealer” after unique strings found in campaign samples. Contact me at ‘[link].

Accountability

Accountability Malware Banking Phishing

Meet Exotic Lily, access broker for ransomware and other malware peddlers

Malwarebytes

MARCH 18, 2022

They will use a vulnerability to gain initial access, and, probably based on the nature of the target, sell this access to other cybercriminals that can use this access to deploy their specific malware. Social engineering. At first, the group would create entirely fake personas posing as employees of a real company.

Ransomware

Ransomware Malware Social Engineering Media

North Korean Lazarus APT group targets blockchain tech companies

Malwarebytes

APRIL 19, 2022

Since 2018, one of the Lazarus Group’s tactics has been to disguse AppleJeus malware as cryptocurrency trading platforms for both Windows and Mac. CISA warns that it uses these trojanized applications to gain access to victims’ computers, to spread other malware, and steal private keys or to exploit other security gaps.

Cryptocurrency

Cryptocurrency Social Engineering Computers and Electronics Engineering

What are the key Threats to Global National Security?

IT Security Guru

NOVEMBER 1, 2024

Types of Cybersecurity Threats Malware and Ransomware: These can disable systems or steal data for ransom. Phishing and Social Engineering: These tactics manipulate individuals to disclose sensitive information.

Technology

Technology Cyber Attacks Government Social Engineering

Story of the Year: global IT outages and supply chain attacks

SecureList

DECEMBER 9, 2024

This case underscores the serious risk that social engineering and supply chain attacks pose to open-source projects. Media sources reported that explosives had been concealed within the devices. The packages imitated libraries for LLMs, whereas in fact they downloaded the JarkaStealer malware to the victim’s system.

Internet

Internet Internet Risk Social Engineering

Cyber threats in gaming—and 3 tips for staying safe

Webroot

JUNE 2, 2022

Unfortunately, hackers realize this and use the lure of free games to infect people with malware. But you’ll get the most benefit out of focusing on the following three: Malware. Malware threats to gamers are spread through malicious websites, exploited system vulnerabilities, or Trojanized copies of pirated games.

Cyber threats

Cyber threats Social Engineering Accountability Malware

Hiding Malware in Social Media Buttons

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Webinars

Trending Sources

Hackers Exploit Zoom's Remote Control Feature in Cryptocurrency Heists

Webinars

Crazy Evil gang runs over 10 highly specialized social media scams

What are Common Types of Social Engineering Attacks?

Iran and China-linked actors used ChatGPT for preparing attacks

The Impact of AI on Social Engineering Cyber Attacks

What Are Social Engineering Scams?

Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks

15 SpyLoan Android apps found on Google Play had over 8 million installs

Hackers Hide Software Skimmer in Social Media Sharing Icons

When Low-Tech Hacks Cause High-Impact Breaches

EDR-as-a-Service makes the headlines in the cybercrime landscape

New AI “agents” could hold people for ransom in 2025

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Social Engineering 2.0: The Rise of Deepfake Phishing

News alert: SquareX discloses ‘Browser Syncjacking’ – a new attack to hijack browser

Fake CAPTCHA websites hijack your clipboard to install information stealers

The Original APT: Advanced Persistent Teenagers

GUEST ESSAY: How the ‘Scattered Spiders’ youthful ring defeated MFA to plunder Vegas

3CX Breach Was a Double Supply Chain Compromise

April’s Patch Tuesday Brings Record Number of Fixes

North Korea-linked campaign targets security experts via social media

Hackers Set Up a Fake Cybersecurity Firm to Target Security Experts

How Security Teams Collect the Data They Need for Threat Intelligence

What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

Patch Tuesday, May 2024 Edition

Facebook Meta uncovers Social Media Espionage

Facebook Accounts Hijacked by FlyTrap Malware

Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users

Criminals socially engineer their way to bank details with fake arrest warrants

Fake Job Proposals Used to Deploy Malware – Security Researchers Targeted

Meta Uncovers Massive Social Media Cyber Espionage Operations Across South Asia

News Alert: Perception Point reports rates of ‘BEC,’ phishing attacks climb in the first half of 2023

Financial cyberthreats in 2024

Romantic Lawsuit for Two? Don't Let Cybercriminals Scam You this Valentine's Day

Video game cheat mod malware demonstrates risks of unlicensed software

Valley News Live exposed more than a million job seeker’s resumes

No need to RSVP: a closer look at the Tria stealer campaign

Meet Exotic Lily, access broker for ransomware and other malware peddlers

North Korean Lazarus APT group targets blockchain tech companies

What are the key Threats to Global National Security?

Story of the Year: global IT outages and supply chain attacks

Cyber threats in gaming—and 3 tips for staying safe

Stay Connected