#ctm360 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #ctm360, aggregated by home.social.
-
CTM360 identifies an active campaign leveraging Google Groups and Google-hosted redirect chains to deliver Lumma Stealer (Windows) and a trojanized Chromium fork branded “Ninja Browser” (Linux).
Technical highlights:
• 950MB padded executable (null-byte inflation)
• AutoIt loader reconstruction
• Memory-resident payload execution
• Multipart/form-data POST exfiltration
• Malicious extension “NinjaBrowserMonetisation”
• XOR + Base56-like JS obfuscation
• Scheduled task persistence
• Russian search engine default modificationThis campaign reinforces a critical shift: SaaS platforms are now delivery infrastructure.
Defensive priorities:
– IoC blocking at firewall + EDR
– Redirect chain inspection
– Extension audit controls
– Endpoint scheduled task monitoringHow are you adjusting detection engineering for SaaS-based malware distribution?
Engage below.Source: https://www.ctm360.com/reports/ninja-browser-lumma-infostealer
Follow @technadu for ongoing threat intelligence coverage.
#ThreatIntel #MalwareResearch #DetectionEngineering #SOCOperations #EDR #CloudSecurity #SaaSAbuse #LummaStealer #LinuxThreats #CTM360 #IncidentResponse
-
CTM360 identifies an active campaign leveraging Google Groups and Google-hosted redirect chains to deliver Lumma Stealer (Windows) and a trojanized Chromium fork branded “Ninja Browser” (Linux).
Technical highlights:
• 950MB padded executable (null-byte inflation)
• AutoIt loader reconstruction
• Memory-resident payload execution
• Multipart/form-data POST exfiltration
• Malicious extension “NinjaBrowserMonetisation”
• XOR + Base56-like JS obfuscation
• Scheduled task persistence
• Russian search engine default modificationThis campaign reinforces a critical shift: SaaS platforms are now delivery infrastructure.
Defensive priorities:
– IoC blocking at firewall + EDR
– Redirect chain inspection
– Extension audit controls
– Endpoint scheduled task monitoringHow are you adjusting detection engineering for SaaS-based malware distribution?
Engage below.Source: https://www.ctm360.com/reports/ninja-browser-lumma-infostealer
Follow @technadu for ongoing threat intelligence coverage.
#ThreatIntel #MalwareResearch #DetectionEngineering #SOCOperations #EDR #CloudSecurity #SaaSAbuse #LummaStealer #LinuxThreats #CTM360 #IncidentResponse
-
CTM360 identifies an active campaign leveraging Google Groups and Google-hosted redirect chains to deliver Lumma Stealer (Windows) and a trojanized Chromium fork branded “Ninja Browser” (Linux).
Technical highlights:
• 950MB padded executable (null-byte inflation)
• AutoIt loader reconstruction
• Memory-resident payload execution
• Multipart/form-data POST exfiltration
• Malicious extension “NinjaBrowserMonetisation”
• XOR + Base56-like JS obfuscation
• Scheduled task persistence
• Russian search engine default modificationThis campaign reinforces a critical shift: SaaS platforms are now delivery infrastructure.
Defensive priorities:
– IoC blocking at firewall + EDR
– Redirect chain inspection
– Extension audit controls
– Endpoint scheduled task monitoringHow are you adjusting detection engineering for SaaS-based malware distribution?
Engage below.Source: https://www.ctm360.com/reports/ninja-browser-lumma-infostealer
Follow @technadu for ongoing threat intelligence coverage.
#ThreatIntel #MalwareResearch #DetectionEngineering #SOCOperations #EDR #CloudSecurity #SaaSAbuse #LummaStealer #LinuxThreats #CTM360 #IncidentResponse
-
CTM360 identifies an active campaign leveraging Google Groups and Google-hosted redirect chains to deliver Lumma Stealer (Windows) and a trojanized Chromium fork branded “Ninja Browser” (Linux).
Technical highlights:
• 950MB padded executable (null-byte inflation)
• AutoIt loader reconstruction
• Memory-resident payload execution
• Multipart/form-data POST exfiltration
• Malicious extension “NinjaBrowserMonetisation”
• XOR + Base56-like JS obfuscation
• Scheduled task persistence
• Russian search engine default modificationThis campaign reinforces a critical shift: SaaS platforms are now delivery infrastructure.
Defensive priorities:
– IoC blocking at firewall + EDR
– Redirect chain inspection
– Extension audit controls
– Endpoint scheduled task monitoringHow are you adjusting detection engineering for SaaS-based malware distribution?
Engage below.Source: https://www.ctm360.com/reports/ninja-browser-lumma-infostealer
Follow @technadu for ongoing threat intelligence coverage.
#ThreatIntel #MalwareResearch #DetectionEngineering #SOCOperations #EDR #CloudSecurity #SaaSAbuse #LummaStealer #LinuxThreats #CTM360 #IncidentResponse
-
CTM360 Report Explains How Emotions Fuel Modern Fraud – Source:hackread.com https://ciso2ciso.com/ctm360-report-explains-how-emotions-fuel-modern-fraud-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Vulnerability #CyberAttack #ScamHooks #Hackread #Phishing #security #CTM360 #Fraud #Scam #AI
-
CTM360 Report Explains How Emotions Fuel Modern Fraud https://hackread.com/ctm360-report-explains-how-emotions-fuel-modern-fraud/ #Cybersecurity #Vulnerability #CyberAttack #ScamHooks #Security #Phishing #CTM360 #Fraud #Scam #AI
-
CTM360 report: Ransomware exploits trust more than tech https://www.helpnetsecurity.com/2025/05/22/ctm360-report-ransomware-attacks/ #cybersecurity #cybercrime #ransomware #Don'tmiss #Hotstuff #CTM360 #Europe #report #News #UK
-
CTM360 maps out real-time phishing infrastructure targeting corporate banking worldwide https://www.helpnetsecurity.com/2025/05/19/ctm360-cyberheist-phish-report/ #cybersecurity #cybercrime #Don'tmiss #Hotstuff #phishing #CTM360 #report #scams #News