Malware and Phishing - Cyber Security Informer

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies

The Hacker News

OCTOBER 22, 2024

Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns. Tracked under the names BlackWidow, IceNova, Lotus,

Phishing

Phishing Malware

This Windows PowerShell Phish Has Scary Potential

Krebs on Security

SEPTEMBER 19, 2024

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

Phishing

Phishing Scams Malware Passwords

A generative artificial intelligence malware used in phishing attacks

Security Affairs

SEPTEMBER 24, 2024

HP researchers detected a dropper that was generated by generative artificial intelligence services and used to deliver AsyncRAT malware. While investigating a malicious email, HP researchers discovered a malware generated by generative artificial intelligence services and used to deliver the AsyncRAT malware.

Artificial Intelligence

Artificial Intelligence Phishing Malware Encryption

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

The Hacker News

OCTOBER 16, 2024

A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails.

Banking

Banking Phishing Malware Retail

Phishing campaigns target SMBs in Poland, Romania, and Italy with multiple malware families

Security Affairs

JULY 31, 2024

Phishing campaigns target small and medium-sized businesses (SMBs) in Poland to deliver malware families such as Agent Tesla, Formbook, and Remcos RAT. ESET researchers observed multiple phishing campaigns targeting SMBs in Poland in May 2024, distributing various malware families like Agent Tesla , Formbook , and Remcos RAT.

Phishing

Phishing Malware Accountability Hacking

APT34 Deploys Phishing Attack With New Malware

Trend Micro

SEPTEMBER 28, 2023

We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware.

Phishing

Phishing Malware Government Cyber threats

Millions of Docker repos found pushing malware, phishing sites

Bleeping Computer

APRIL 30, 2024

Three large-scale campaigns have targeted Docker Hub users, planting millions of repositories designed to push malware and phishing sites since early 2021. [.]

Phishing

Phishing Malware

New Phishing Campaign Deploys PureHVNC and Other Malware, Targets Sensitive Data

Penetration Testing

AUGUST 12, 2024

Cybersecurity researchers from FortiGuard Labs have discovered a sophisticated phishing campaign that utilizes a multi-stage execution flow and various evasion techniques to deliver multiple strains of malware, including the remote... The post New Phishing Campaign Deploys PureHVNC and Other Malware, Targets Sensitive Data appeared first (..)

Phishing

Phishing Malware Cybersecurity

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

The Hacker News

MAY 19, 2024

Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware.

Phishing

Phishing Malware Cybersecurity

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails

The Hacker News

SEPTEMBER 19, 2024

A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a suspected Brazilian Portuguese-speaking threat actor. It's likely that the attackers are testing the

Phishing

Phishing Malware

Microsoft Teams phishing attack pushes DarkGate malware

Bleeping Computer

SEPTEMBER 9, 2023

A new phishing campaign is abusing Microsoft Teams messages to send malicious attachments that install the DarkGate Loader malware. [.]

Phishing

Phishing Malware

More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack

The Hacker News

JUNE 10, 2024

Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago.

Phishing

Phishing Malware Cybersecurity

North Korean Hackers Target Job Seekers with Malware-Laced Video Apps

Penetration Testing

NOVEMBER 18, 2024

A recent report by Unit 42 researchers uncovers a complex phishing campaign linked to a cluster of North Korean IT workers tracked as CL-STA-0237. This group used malware-infected video conference... The post North Korean Hackers Target Job Seekers with Malware-Laced Video Apps appeared first on Cybersecurity News.

Malware

Malware Phishing Cybersecurity

Microsoft Teams phishing pushes DarkGate malware via group chats

Bleeping Computer

JANUARY 30, 2024

New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems. [.]

Phishing

Phishing Malware

Phishing Domains Tanked After Meta Sued Freenom

Krebs on Security

MAY 26, 2023

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta , which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Phishing

Phishing Malware

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing

Phishing Cybercrime Malware Advertising

PythonRatLoader: The Malware Loader That’s Turning Phishing Into a Multi-Stage Attack

Penetration Testing

NOVEMBER 1, 2024

A recent report by Adam Martin and Kian Buckley Maher from the Cofense Phishing Defense Center (PDC) has revealed a sophisticated malware loader, PythonRatLoader, that is being used to distribute... The post PythonRatLoader: The Malware Loader That’s Turning Phishing Into a Multi-Stage Attack appeared first on Cybersecurity News.

Phishing

Phishing Malware Cybersecurity

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

The Hacker News

APRIL 9, 2024

Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets.

Phishing

Phishing Malware Cybersecurity

New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware

The Hacker News

APRIL 4, 2024

An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector.

Phishing

Phishing Malware

TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users

The Hacker News

FEBRUARY 27, 2024

Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer.

Phishing

Phishing Malware Scams Banking

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

Trend Micro

SEPTEMBER 18, 2024

We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.

Phishing

Phishing Malware

New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls

The Hacker News

NOVEMBER 3, 2024

Cybersecurity researchers have discovered a new version of a well-known Android malware family dubbed FakeCall that employs voice phishing (aka vishing) techniques to trick users into parting with their personal information.

Malware

Malware Banking Mobile Phishing

Dark Web Recruitment: Malware, Phishing, and Carding

Digital Shadows

NOVEMBER 10, 2022

The post Dark Web Recruitment: Malware, Phishing, and Carding first appeared on Digital Shadows. In our first blog in this series, we covered how ransomware groups go about their recruitment, with their large teams.

Phishing

Phishing Malware Ransomware

W2 Form Phishing Campaign Delivers Brute Ratel and Latrodectus Malware

Penetration Testing

JULY 27, 2024

Rapid7, a leading cybersecurity firm, has issued a warning about a new phishing campaign targeting individuals seeking W2 tax forms online.

Phishing

Phishing Malware Cybersecurity

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

Security Affairs

OCTOBER 20, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware Ransomware Encryption Phishing

Phishing targeting Polish SMBs continues via ModiLoader

We Live Security

JULY 30, 2024

ESET researchers detected multiple, widespread phishing campaigns targeting SMBs in Poland during May 2024, distributing various malware families

Phishing

Phishing Malware

Russia-linked APT28 used new malware in a recent phishing campaign

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The group employed previously undetected malware such as OCEANMAP, MASEPIE, and STEELHOOK to steal sensitive information from target networks. file classified as MASEPIE.

Phishing

Phishing Malware Computers and Electronics Internet

Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware

The Hacker News

NOVEMBER 10, 2024

Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT.

Malware

Malware Phishing Cybersecurity

Google to bolster phishing and malware delivery defenses in 2024

Bleeping Computer

OCTOBER 3, 2023

Google will introduce new sender guidelines in February to bolster email security against phishing and malware delivery by mandating bulk senders to authenticate their emails and adhere to stricter spam thresholds [.]

Phishing

Phishing Malware Authentication

Phishing and Malware Detection: Top Tips from K-12 Technology Leaders

Security Boulevard

AUGUST 8, 2024

The post Phishing and Malware Detection: Top Tips from K-12 Technology Leaders appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12. The post Phishing and Malware Detection: Top Tips from K-12 Technology Leaders appeared first on Security Boulevard.

Technology

Technology Phishing Malware Cybersecurity

DPRK-linked BlueNoroff used macOS malware with novel persistence

Security Affairs

NOVEMBER 7, 2024

SentinelLabs observed North Korea-linked threat actor BlueNoroff targeting businesses in the crypto industry with a new multi-stage malware. SentinelLabs researchers identified a North Korea-linked threat actor targeting crypto businesses with new macOS malware as part of a campaign tracked as “Hidden Risk.”

Malware

Malware Architecture Risk Cryptocurrency

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 13

Security Affairs

SEPTEMBER 29, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware Social Engineering IoT Scams

DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks

The Hacker News

NOVEMBER 20, 2023

Phishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging the now-defunct QakBot trojan.

Phishing

Phishing Malware

Android malware FakeCall intercepts your calls to the bank

Malwarebytes

OCTOBER 31, 2024

Last time FakeCall reared its head, BleepingComputer reported that the malware was being distributed as fake banking apps that impersonate large financial institutions, as well as being distributed in phishing emails. The FakeCall malware abuses this trust by hijacking the user’s call to a financial institution.

Banking

Banking Malware Phishing Risk

CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Government

Government Phishing Malware Banking

Deceptive Google Meet Invites Lures Users Into Malware Scams

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users’ trust. What Are ClickFix Campaigns?

Scams

Scams Malware Social Engineering Phishing

Despite MDM, Financial Services Plagued by Phishing, Malware

Security Boulevard

MAY 6, 2021

In fact, even while MDM adoption rose 50%, quarterly exposure to phishing between 2019 and 2020 jumped by 125%, according to the Lookout Financial Services Threat Report. That’s certainly noteworthy, but the 400% increase in malware and app exposure is.

Financial Services

Financial Services Phishing Malware Mobile

Cybersecurity Threats Skyrocket in Hong Kong: Fraud, Phishing, and Malware Take Center Stage

Penetration Testing

OCTOBER 2, 2024

In a recent revelation, the number of cyber threats in Hong Kong has surged dramatically, with fraud, phishing, and malware attacks becoming increasingly prevalent.

Phishing

Phishing Malware Cybersecurity Antivirus

GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks

The Hacker News

OCTOBER 11, 2024

A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. "In

Phishing

Phishing Insurance Malware Software

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

The Hacker News

JANUARY 19, 2024

The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter.

Phishing

Phishing Malware

Void Banshee Group Used ‘Windows Relic’ IE in Phishing Campaign

Security Boulevard

JULY 17, 2024

The APT group Void Banshee exploited a now-patched Windows security flaw and the retired Internet Explorer browser to distributed the Atlantida malware to steal system information and sensitive data from victims. The post Void Banshee Group Used ‘Windows Relic’ IE in Phishing Campaign appeared first on Security Boulevard.

Phishing

Phishing Internet Internet Malware

Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware

Security Affairs

AUGUST 3, 2024

A Russia-linked APT used a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. The campaign began around March 2024, the attackers leveraged phishing tactics that have been effective against diplomats for years, exploiting themes that prompt targets to engage with malicious content.

Phishing

Phishing Malware Advertising Authentication

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure

The Hacker News

AUGUST 2, 2024

A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace.

Phishing

Phishing Malware

Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware

Trend Micro

OCTOBER 13, 2024

This group is targeting enterprises in Brazil, deploying banking malware using obfuscated JavaScript to slip past security defenses. Trend Micro researchers have uncovered a surge of malicious activities involving a threat actor group that we track as Water Makara.

Malware

Malware Security Defenses Phishing Banking

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies

This Windows PowerShell Phish Has Scary Potential

Trending Sources

A generative artificial intelligence malware used in phishing attacks

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

Phishing campaigns target SMBs in Poland, Romania, and Italy with multiple malware families

APT34 Deploys Phishing Attack With New Malware

Millions of Docker repos found pushing malware, phishing sites

New Phishing Campaign Deploys PureHVNC and Other Malware, Targets Sensitive Data

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails

Microsoft Teams phishing attack pushes DarkGate malware

More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack

North Korean Hackers Target Job Seekers with Malware-Laced Video Apps

Microsoft Teams phishing pushes DarkGate malware via group chats

Phishing Domains Tanked After Meta Sued Freenom

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

PythonRatLoader: The Malware Loader That’s Turning Phishing Into a Multi-Stage Attack

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware

TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls

Dark Web Recruitment: Malware, Phishing, and Carding

W2 Form Phishing Campaign Delivers Brute Ratel and Latrodectus Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

Phishing targeting Polish SMBs continues via ModiLoader

Russia-linked APT28 used new malware in a recent phishing campaign

Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware

Google to bolster phishing and malware delivery defenses in 2024

Phishing and Malware Detection: Top Tips from K-12 Technology Leaders

DPRK-linked BlueNoroff used macOS malware with novel persistence

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 13

DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks

Android malware FakeCall intercepts your calls to the bank

CERT-UA warns of a phishing campaign targeting government entities

Deceptive Google Meet Invites Lures Users Into Malware Scams

Despite MDM, Financial Services Plagued by Phishing, Malware

Cybersecurity Threats Skyrocket in Hong Kong: Fraud, Phishing, and Malware Take Center Stage

GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

Void Banshee Group Used ‘Windows Relic’ IE in Phishing Campaign

Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure

Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware

Stay Connected