#malwarecampaign — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #malwarecampaign, aggregated by home.social.
-
LofyGang Revives With Minecraft-Focused LofyStealer Campaign
Meet LofyGang, a notorious threat actor that's back in the game with a sneaky new campaign called LofyStealer, targeting Minecraft fans with malware disguised as a hack called 'Slinky'. This Brazil-based group has a history of infiltrating gaming communities and digital entertainment services.
#Lofygang #Minecraft #MalwareCampaign #StealerMalware #GamingCommunities
-
GlassWorm malware is evolving—using invisible code tricks to sneak into GitHub, NPM, and beyond. Could your favorite dev tools be next in its global pursuit? Read more to find out.
#glassworm
#malwarecampaign
#cybersecurity
#obfuscation
#vscodeextensions -
GlassWorm malware is evolving—using invisible code tricks to sneak into GitHub, NPM, and beyond. Could your favorite dev tools be next in its global pursuit? Read more to find out.
#glassworm
#malwarecampaign
#cybersecurity
#obfuscation
#vscodeextensions -
GlassWorm malware is evolving—using invisible code tricks to sneak into GitHub, NPM, and beyond. Could your favorite dev tools be next in its global pursuit? Read more to find out.
#glassworm
#malwarecampaign
#cybersecurity
#obfuscation
#vscodeextensions -
GlassWorm malware is evolving—using invisible code tricks to sneak into GitHub, NPM, and beyond. Could your favorite dev tools be next in its global pursuit? Read more to find out.
#glassworm
#malwarecampaign
#cybersecurity
#obfuscation
#vscodeextensions -
New Android Malware ‘SikkahBot’ Targets Students in Bangladesh https://thecyberexpress.com/sikkahbot-malware-campaign/ #TheCyberExpressNews #malwarecampaign #TheCyberExpress #FirewallDaily #DarkWebNews #Bangladesh #CyberNews #SikkahBot #CRIL
-
New Android Malware ‘SikkahBot’ Targets Students in Bangladesh https://thecyberexpress.com/sikkahbot-malware-campaign/ #TheCyberExpressNews #malwarecampaign #TheCyberExpress #FirewallDaily #DarkWebNews #Bangladesh #CyberNews #SikkahBot #CRIL
-
New Android Malware ‘SikkahBot’ Targets Students in Bangladesh https://thecyberexpress.com/sikkahbot-malware-campaign/ #TheCyberExpressNews #malwarecampaign #TheCyberExpress #FirewallDaily #DarkWebNews #Bangladesh #CyberNews #SikkahBot #CRIL
-
New Android Malware ‘SikkahBot’ Targets Students in Bangladesh https://thecyberexpress.com/sikkahbot-malware-campaign/ #TheCyberExpressNews #malwarecampaign #TheCyberExpress #FirewallDaily #DarkWebNews #Bangladesh #CyberNews #SikkahBot #CRIL
-
Fake TikTok shops linked to malware campaign targeting cryptocurrency https://www.byteseu.com/1279232/ #Crypto #CryptoMalware #CryptoCurrency #CryptocurrencyTheft #Cybercrime #DigitalAssetTheft #FakeOnlineShops #FakeTiktokShops #InfoStealingMalware #malware #MalwareCampaign #PhishingScam #TikTok #TiktokMalware #TiktokScam #TikTokShop #TiktokShops
-
Scammers are twisting SourceForge's trusted face—disguising malware as Microsoft Office add-ins. Ever wondered how they pull off this digital con? Read on to uncover the deception.
#sourceforge
#malwarecampaign
#cybersecurity
#microsoftoffice
#cybercrime -
Scammers are twisting SourceForge's trusted face—disguising malware as Microsoft Office add-ins. Ever wondered how they pull off this digital con? Read on to uncover the deception.
#sourceforge
#malwarecampaign
#cybersecurity
#microsoftoffice
#cybercrime -
Understanding the 'DollyWay' Malware Campaign: A Persistent Cyber Threat
#dollyway
#malwarecampaign
#cybersecurity
#wordpresssecurity
#infosectrends -
Understanding the 'DollyWay' Malware Campaign: A Persistent Cyber Threat
#dollyway
#malwarecampaign
#cybersecurity
#wordpresssecurity
#infosectrends -
Crypto-stealing scam targets Web3 workers with fake meeting apps - Cado Security Labs says scammers use AI to make fake but real-looking co... - https://cointelegraph.com/news/crypto-stealing-scammers-target-web3-workers-fake-meeting-apps #socialengineering #malwarecampaign #fakemeetingapp #realststealer #fakewebsites #cryptotheft #cyberscams. #spoofing
-
Crypto-stealing scam targets Web3 workers with fake meeting apps - Cado Security Labs says scammers use AI to make fake but real-looking co... - https://cointelegraph.com/news/crypto-stealing-scammers-target-web3-workers-fake-meeting-apps #socialengineering #malwarecampaign #fakemeetingapp #realststealer #fakewebsites #cryptotheft #cyberscams. #spoofing
-
Crypto-stealing scam targets Web3 workers with fake meeting apps - Cado Security Labs says scammers use AI to make fake but real-looking co... - https://cointelegraph.com/news/crypto-stealing-scammers-target-web3-workers-fake-meeting-apps #socialengineering #malwarecampaign #fakemeetingapp #realststealer #fakewebsites #cryptotheft #cyberscams. #spoofing
-
Crypto-stealing scam targets Web3 workers with fake meeting apps - Cado Security Labs says scammers use AI to make fake but real-looking co... - https://cointelegraph.com/news/crypto-stealing-scammers-target-web3-workers-fake-meeting-apps #socialengineering #malwarecampaign #fakemeetingapp #realststealer #fakewebsites #cryptotheft #cyberscams. #spoofing
-
TA547 Shifts Tactics: Leveraging Rhadamanthys Stealer in German-Specific Campaigns
Date: April 10, 2024
CVE: Not applicable
Vulnerability Type: Information Stealer
CWE: N/A
Sources: ProofpointIssue Summary
TA547, a financially motivated cybercriminal group, recently initiated an email campaign targeting German organizations, deploying the Rhadamanthys malware. This marks TA547's first recorded use of [[Rhadamanthys stealer]], an advanced information stealer previously utilized by multiple threat actors. The campaign featured emails impersonating the German retail giant Metro, with malicious attachments designed to execute Rhadamanthys without writing to disk, thereby evading typical file-based detection methods.
Technical Key Findings
The attack chain involves emails with a password-protected ZIP file attachment containing an LNK file. Execution of the LNK file triggers a PowerShell script that decodes and runs the [[Rhadamanthys stealer]] directly in memory. Notably, the PowerShell script exhibited signs of being generated by a Large Language Model (LLM), indicative of TA547's potential use of advanced AI tools for crafting malware delivery mechanisms.
Vulnerable products
- Windows platforms targeted via malicious email attachments
Impact assessment
[[Rhadamanthys stealer]] is designed to steal sensitive information, including credentials and financial data. Successful deployment within organizations can lead to significant data breaches, financial loss, and reputational damage.
Patches or workaround
While the report does not specify patches, organizations are advised to enhance email filtering, educate employees on phishing, and deploy behavior-based detection mechanisms to mitigate threats posed by memory-resident malware and sophisticated delivery scripts.
Tags
#TA547 #Rhadamanthys #InformationStealer #Germany #Cybercrime #MalwareCampaign #PowerShell #AI_Malware
-
TA547 Shifts Tactics: Leveraging Rhadamanthys Stealer in German-Specific Campaigns
Date: April 10, 2024
CVE: Not applicable
Vulnerability Type: Information Stealer
CWE: N/A
Sources: ProofpointIssue Summary
TA547, a financially motivated cybercriminal group, recently initiated an email campaign targeting German organizations, deploying the Rhadamanthys malware. This marks TA547's first recorded use of [[Rhadamanthys stealer]], an advanced information stealer previously utilized by multiple threat actors. The campaign featured emails impersonating the German retail giant Metro, with malicious attachments designed to execute Rhadamanthys without writing to disk, thereby evading typical file-based detection methods.
Technical Key Findings
The attack chain involves emails with a password-protected ZIP file attachment containing an LNK file. Execution of the LNK file triggers a PowerShell script that decodes and runs the [[Rhadamanthys stealer]] directly in memory. Notably, the PowerShell script exhibited signs of being generated by a Large Language Model (LLM), indicative of TA547's potential use of advanced AI tools for crafting malware delivery mechanisms.
Vulnerable products
- Windows platforms targeted via malicious email attachments
Impact assessment
[[Rhadamanthys stealer]] is designed to steal sensitive information, including credentials and financial data. Successful deployment within organizations can lead to significant data breaches, financial loss, and reputational damage.
Patches or workaround
While the report does not specify patches, organizations are advised to enhance email filtering, educate employees on phishing, and deploy behavior-based detection mechanisms to mitigate threats posed by memory-resident malware and sophisticated delivery scripts.
Tags
#TA547 #Rhadamanthys #InformationStealer #Germany #Cybercrime #MalwareCampaign #PowerShell #AI_Malware
-
TA547 Shifts Tactics: Leveraging Rhadamanthys Stealer in German-Specific Campaigns
Date: April 10, 2024
CVE: Not applicable
Vulnerability Type: Information Stealer
CWE: N/A
Sources: ProofpointIssue Summary
TA547, a financially motivated cybercriminal group, recently initiated an email campaign targeting German organizations, deploying the Rhadamanthys malware. This marks TA547's first recorded use of [[Rhadamanthys stealer]], an advanced information stealer previously utilized by multiple threat actors. The campaign featured emails impersonating the German retail giant Metro, with malicious attachments designed to execute Rhadamanthys without writing to disk, thereby evading typical file-based detection methods.
Technical Key Findings
The attack chain involves emails with a password-protected ZIP file attachment containing an LNK file. Execution of the LNK file triggers a PowerShell script that decodes and runs the [[Rhadamanthys stealer]] directly in memory. Notably, the PowerShell script exhibited signs of being generated by a Large Language Model (LLM), indicative of TA547's potential use of advanced AI tools for crafting malware delivery mechanisms.
Vulnerable products
- Windows platforms targeted via malicious email attachments
Impact assessment
[[Rhadamanthys stealer]] is designed to steal sensitive information, including credentials and financial data. Successful deployment within organizations can lead to significant data breaches, financial loss, and reputational damage.
Patches or workaround
While the report does not specify patches, organizations are advised to enhance email filtering, educate employees on phishing, and deploy behavior-based detection mechanisms to mitigate threats posed by memory-resident malware and sophisticated delivery scripts.
Tags
#TA547 #Rhadamanthys #InformationStealer #Germany #Cybercrime #MalwareCampaign #PowerShell #AI_Malware
-
TA547 Shifts Tactics: Leveraging Rhadamanthys Stealer in German-Specific Campaigns
Date: April 10, 2024
CVE: Not applicable
Vulnerability Type: Information Stealer
CWE: N/A
Sources: ProofpointIssue Summary
TA547, a financially motivated cybercriminal group, recently initiated an email campaign targeting German organizations, deploying the Rhadamanthys malware. This marks TA547's first recorded use of [[Rhadamanthys stealer]], an advanced information stealer previously utilized by multiple threat actors. The campaign featured emails impersonating the German retail giant Metro, with malicious attachments designed to execute Rhadamanthys without writing to disk, thereby evading typical file-based detection methods.
Technical Key Findings
The attack chain involves emails with a password-protected ZIP file attachment containing an LNK file. Execution of the LNK file triggers a PowerShell script that decodes and runs the [[Rhadamanthys stealer]] directly in memory. Notably, the PowerShell script exhibited signs of being generated by a Large Language Model (LLM), indicative of TA547's potential use of advanced AI tools for crafting malware delivery mechanisms.
Vulnerable products
- Windows platforms targeted via malicious email attachments
Impact assessment
[[Rhadamanthys stealer]] is designed to steal sensitive information, including credentials and financial data. Successful deployment within organizations can lead to significant data breaches, financial loss, and reputational damage.
Patches or workaround
While the report does not specify patches, organizations are advised to enhance email filtering, educate employees on phishing, and deploy behavior-based detection mechanisms to mitigate threats posed by memory-resident malware and sophisticated delivery scripts.
Tags
#TA547 #Rhadamanthys #InformationStealer #Germany #Cybercrime #MalwareCampaign #PowerShell #AI_Malware
-
TA547 Shifts Tactics: Leveraging Rhadamanthys Stealer in German-Specific Campaigns
Date: April 10, 2024
CVE: Not applicable
Vulnerability Type: Information Stealer
CWE: N/A
Sources: ProofpointIssue Summary
TA547, a financially motivated cybercriminal group, recently initiated an email campaign targeting German organizations, deploying the Rhadamanthys malware. This marks TA547's first recorded use of [[Rhadamanthys stealer]], an advanced information stealer previously utilized by multiple threat actors. The campaign featured emails impersonating the German retail giant Metro, with malicious attachments designed to execute Rhadamanthys without writing to disk, thereby evading typical file-based detection methods.
Technical Key Findings
The attack chain involves emails with a password-protected ZIP file attachment containing an LNK file. Execution of the LNK file triggers a PowerShell script that decodes and runs the [[Rhadamanthys stealer]] directly in memory. Notably, the PowerShell script exhibited signs of being generated by a Large Language Model (LLM), indicative of TA547's potential use of advanced AI tools for crafting malware delivery mechanisms.
Vulnerable products
- Windows platforms targeted via malicious email attachments
Impact assessment
[[Rhadamanthys stealer]] is designed to steal sensitive information, including credentials and financial data. Successful deployment within organizations can lead to significant data breaches, financial loss, and reputational damage.
Patches or workaround
While the report does not specify patches, organizations are advised to enhance email filtering, educate employees on phishing, and deploy behavior-based detection mechanisms to mitigate threats posed by memory-resident malware and sophisticated delivery scripts.
Tags
#TA547 #Rhadamanthys #InformationStealer #Germany #Cybercrime #MalwareCampaign #PowerShell #AI_Malware
-
Security researchers reveal malware campaign called Sign1 that has infected over 39000 Wordpress websites.
The attackers inject malware into custom HTML widgets and legitimate plugins that leads to redirects and popup ads. The malware uses time-based randomization to generate URLs that change every 10 minutes to evade blocks.
Administrators are advised to have strong admin password, and to keep plugins up to date.
-
Security researchers reveal malware campaign called Sign1 that has infected over 39000 Wordpress websites.
The attackers inject malware into custom HTML widgets and legitimate plugins that leads to redirects and popup ads. The malware uses time-based randomization to generate URLs that change every 10 minutes to evade blocks.
Administrators are advised to have strong admin password, and to keep plugins up to date.
-
Security researchers reveal malware campaign called Sign1 that has infected over 39000 Wordpress websites.
The attackers inject malware into custom HTML widgets and legitimate plugins that leads to redirects and popup ads. The malware uses time-based randomization to generate URLs that change every 10 minutes to evade blocks.
Administrators are advised to have strong admin password, and to keep plugins up to date.
-
Security researchers reveal malware campaign called Sign1 that has infected over 39000 Wordpress websites.
The attackers inject malware into custom HTML widgets and legitimate plugins that leads to redirects and popup ads. The malware uses time-based randomization to generate URLs that change every 10 minutes to evade blocks.
Administrators are advised to have strong admin password, and to keep plugins up to date.
-
Sign1 Malware Hijacked 39,000 WordPress Websites https://gbhackers.com/sign1-malware-hijacks-wordpress-sites/ #CybersecurityAnalysis #CyberSecurityNews #WordPresssecurity #malwarecampaign #Wordpress #Malware
-
Sign1 Malware Hijacked 39,000 WordPress Websites https://gbhackers.com/sign1-malware-hijacks-wordpress-sites/ #CybersecurityAnalysis #CyberSecurityNews #WordPresssecurity #malwarecampaign #Wordpress #Malware
-
Sign1 Malware Hijacked 39,000 WordPress Websites https://gbhackers.com/sign1-malware-hijacks-wordpress-sites/ #CybersecurityAnalysis #CyberSecurityNews #WordPresssecurity #malwarecampaign #Wordpress #Malware
-
ChatGPT and AI the newest vector for malware: Meta security team - Security researchers at Meta said “bad actors” have flocked to ge... - https://cointelegraph.com/news/chatgpt-and-ai-the-newest-vector-for-malware-meta-security-team #malwarecampaign #malwarefamilies #metasecurity #generativeai #analysts #guyrosen #metaai #openai
-
ChatGPT and AI the newest vector for malware: Meta security team - Security researchers at Meta said “bad actors” have flocked to ge... - https://cointelegraph.com/news/chatgpt-and-ai-the-newest-vector-for-malware-meta-security-team #malwarecampaign #malwarefamilies #metasecurity #generativeai #analysts #guyrosen #metaai #openai
-
ChatGPT and AI the newest vector for malware: Meta security team - Security researchers at Meta said “bad actors” have flocked to ge... - https://cointelegraph.com/news/chatgpt-and-ai-the-newest-vector-for-malware-meta-security-team #malwarecampaign #malwarefamilies #metasecurity #generativeai #analysts #guyrosen #metaai #openai
-
ChatGPT and AI the newest vector for malware: Meta security team - Security researchers at Meta said “bad actors” have flocked to ge... - https://cointelegraph.com/news/chatgpt-and-ai-the-newest-vector-for-malware-meta-security-team #malwarecampaign #malwarefamilies #metasecurity #generativeai #analysts #guyrosen #metaai #openai