home.social

#social-engineering — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #social-engineering, aggregated by home.social.

fetched live
  1. DATE: July 14, 2026 at 05:40PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    How #AI Can Speed Up Discovery of Safer #PainRelief Options: Nii Osae of #MindbeamAI Describes Project to Identify Promising New Treatments t.co/9wulCCspBV

    Here are any URLs found in the article text:

    t.co/9wulCCspBV

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  2. DATE: July 14, 2026 at 05:40PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    How #AI Can Speed Up Discovery of Safer #PainRelief Options: Nii Osae of #MindbeamAI Describes Project to Identify Promising New Treatments t.co/9wulCCspBV

    Here are any URLs found in the article text:

    t.co/9wulCCspBV

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  3. DATE: July 14, 2026 at 05:40PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    How #AI Can Speed Up Discovery of Safer #PainRelief Options: Nii Osae of #MindbeamAI Describes Project to Identify Promising New Treatments t.co/9wulCCspBV

    Here are any URLs found in the article text:

    t.co/9wulCCspBV

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  4. DATE: July 14, 2026 at 05:40PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    How #AI Can Speed Up Discovery of Safer #PainRelief Options: Nii Osae of #MindbeamAI Describes Project to Identify Promising New Treatments t.co/9wulCCspBV

    Here are any URLs found in the article text:

    t.co/9wulCCspBV

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  5. The Scam Will Go On: Beware of Fake Offers for Celine Dion Concert Tickets

    A sophisticated multi-layered scam operation targets fans seeking tickets for Celine Dion's French tour through two primary vectors. Fraudsters embed themselves in Facebook Groups and Marketplace, using social engineering to create artificial urgency and selling tickets before official presale dates. They exploit Ticketmaster's legitimate transfer feature to resell identical digital tickets to multiple victims, accepting direct bank transfers from compromised accounts. Simultaneously, threat actors deploy fraudulent websites impersonating official distributors like AXS and Ticketmaster, exploiting Shopify's payment infrastructure to appear legitimate. These sites share common technical indicators suggesting use of a recycled phishing kit previously deployed for other major concert events, including Oasis and Taylor Swift tours. The scheme combines emotional manipulation with technical deception to defraud victims desperate for concert access.

    Pulse ID: 6a566597fbaff52dd5288ce4
    Pulse Link: otx.alienvault.com/pulse/6a566
    Pulse Author: AlienVault
    Created: 2026-07-14 16:36:39

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Bank #CyberSecurity #Facebook #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SocialEngineering #bot #AlienVault

  6. The Scam Will Go On: Beware of Fake Offers for Celine Dion Concert Tickets

    A sophisticated multi-layered scam operation targets fans seeking tickets for Celine Dion's French tour through two primary vectors. Fraudsters embed themselves in Facebook Groups and Marketplace, using social engineering to create artificial urgency and selling tickets before official presale dates. They exploit Ticketmaster's legitimate transfer feature to resell identical digital tickets to multiple victims, accepting direct bank transfers from compromised accounts. Simultaneously, threat actors deploy fraudulent websites impersonating official distributors like AXS and Ticketmaster, exploiting Shopify's payment infrastructure to appear legitimate. These sites share common technical indicators suggesting use of a recycled phishing kit previously deployed for other major concert events, including Oasis and Taylor Swift tours. The scheme combines emotional manipulation with technical deception to defraud victims desperate for concert access.

    Pulse ID: 6a566597fbaff52dd5288ce4
    Pulse Link: otx.alienvault.com/pulse/6a566
    Pulse Author: AlienVault
    Created: 2026-07-14 16:36:39

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Bank #CyberSecurity #Facebook #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SocialEngineering #bot #AlienVault

  7. The Scam Will Go On: Beware of Fake Offers for Celine Dion Concert Tickets

    A sophisticated multi-layered scam operation targets fans seeking tickets for Celine Dion's French tour through two primary vectors. Fraudsters embed themselves in Facebook Groups and Marketplace, using social engineering to create artificial urgency and selling tickets before official presale dates. They exploit Ticketmaster's legitimate transfer feature to resell identical digital tickets to multiple victims, accepting direct bank transfers from compromised accounts. Simultaneously, threat actors deploy fraudulent websites impersonating official distributors like AXS and Ticketmaster, exploiting Shopify's payment infrastructure to appear legitimate. These sites share common technical indicators suggesting use of a recycled phishing kit previously deployed for other major concert events, including Oasis and Taylor Swift tours. The scheme combines emotional manipulation with technical deception to defraud victims desperate for concert access.

    Pulse ID: 6a566597fbaff52dd5288ce4
    Pulse Link: otx.alienvault.com/pulse/6a566
    Pulse Author: AlienVault
    Created: 2026-07-14 16:36:39

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Bank #CyberSecurity #Facebook #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SocialEngineering #bot #AlienVault

  8. The Scam Will Go On: Beware of Fake Offers for Celine Dion Concert Tickets

    A sophisticated multi-layered scam operation targets fans seeking tickets for Celine Dion's French tour through two primary vectors. Fraudsters embed themselves in Facebook Groups and Marketplace, using social engineering to create artificial urgency and selling tickets before official presale dates. They exploit Ticketmaster's legitimate transfer feature to resell identical digital tickets to multiple victims, accepting direct bank transfers from compromised accounts. Simultaneously, threat actors deploy fraudulent websites impersonating official distributors like AXS and Ticketmaster, exploiting Shopify's payment infrastructure to appear legitimate. These sites share common technical indicators suggesting use of a recycled phishing kit previously deployed for other major concert events, including Oasis and Taylor Swift tours. The scheme combines emotional manipulation with technical deception to defraud victims desperate for concert access.

    Pulse ID: 6a566597fbaff52dd5288ce4
    Pulse Link: otx.alienvault.com/pulse/6a566
    Pulse Author: AlienVault
    Created: 2026-07-14 16:36:39

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Bank #CyberSecurity #Facebook #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SocialEngineering #bot #AlienVault

  9. The Scam Will Go On: Beware of Fake Offers for Celine Dion Concert Tickets

    A sophisticated multi-layered scam operation targets fans seeking tickets for Celine Dion's French tour through two primary vectors. Fraudsters embed themselves in Facebook Groups and Marketplace, using social engineering to create artificial urgency and selling tickets before official presale dates. They exploit Ticketmaster's legitimate transfer feature to resell identical digital tickets to multiple victims, accepting direct bank transfers from compromised accounts. Simultaneously, threat actors deploy fraudulent websites impersonating official distributors like AXS and Ticketmaster, exploiting Shopify's payment infrastructure to appear legitimate. These sites share common technical indicators suggesting use of a recycled phishing kit previously deployed for other major concert events, including Oasis and Taylor Swift tours. The scheme combines emotional manipulation with technical deception to defraud victims desperate for concert access.

    Pulse ID: 6a566597fbaff52dd5288ce4
    Pulse Link: otx.alienvault.com/pulse/6a566
    Pulse Author: AlienVault
    Created: 2026-07-14 16:36:39

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Bank #CyberSecurity #Facebook #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SocialEngineering #bot #AlienVault

  10. Tomorrowland 2026, Belgium: People of Tomorrow, Targets of Today

    Tomorrowland Belgium 2026, spanning two weekends in July at De Schorre in Boom, sold out rapidly, creating opportunities for cybercriminals. Investigation uncovered approximately a dozen fraudulent websites impersonating the festival brand to target ticket seekers and travellers. These scams include fake ticket shops mimicking official sales with countdown timers and fraudulent biometric checks, travel sites offering bogus accommodation and transport packages, and affiliate schemes. The operations harvest complete identity data, payment credentials, and personal information through sophisticated social engineering. Victims lose money with no recourse, face identity theft risks, and ultimately receive invalid or non-existent tickets. The scammers exploit high demand, tight supply, and rushed purchasing decisions, with sites registered weeks in advance and pushed hardest when official tickets are sold out.

    Pulse ID: 6a55e306b92e2ed9438ab45f
    Pulse Link: otx.alienvault.com/pulse/6a55e
    Pulse Author: AlienVault
    Created: 2026-07-14 07:19:34

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Biometric #CyberSecurity #InfoSec #Mimic #OTX #OpenThreatExchange #RAT #SocialEngineering #bot #AlienVault

  11. Tomorrowland 2026, Belgium: People of Tomorrow, Targets of Today

    Tomorrowland Belgium 2026, spanning two weekends in July at De Schorre in Boom, sold out rapidly, creating opportunities for cybercriminals. Investigation uncovered approximately a dozen fraudulent websites impersonating the festival brand to target ticket seekers and travellers. These scams include fake ticket shops mimicking official sales with countdown timers and fraudulent biometric checks, travel sites offering bogus accommodation and transport packages, and affiliate schemes. The operations harvest complete identity data, payment credentials, and personal information through sophisticated social engineering. Victims lose money with no recourse, face identity theft risks, and ultimately receive invalid or non-existent tickets. The scammers exploit high demand, tight supply, and rushed purchasing decisions, with sites registered weeks in advance and pushed hardest when official tickets are sold out.

    Pulse ID: 6a55e306b92e2ed9438ab45f
    Pulse Link: otx.alienvault.com/pulse/6a55e
    Pulse Author: AlienVault
    Created: 2026-07-14 07:19:34

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Biometric #CyberSecurity #InfoSec #Mimic #OTX #OpenThreatExchange #RAT #SocialEngineering #bot #AlienVault

  12. Tomorrowland 2026, Belgium: People of Tomorrow, Targets of Today

    Tomorrowland Belgium 2026, spanning two weekends in July at De Schorre in Boom, sold out rapidly, creating opportunities for cybercriminals. Investigation uncovered approximately a dozen fraudulent websites impersonating the festival brand to target ticket seekers and travellers. These scams include fake ticket shops mimicking official sales with countdown timers and fraudulent biometric checks, travel sites offering bogus accommodation and transport packages, and affiliate schemes. The operations harvest complete identity data, payment credentials, and personal information through sophisticated social engineering. Victims lose money with no recourse, face identity theft risks, and ultimately receive invalid or non-existent tickets. The scammers exploit high demand, tight supply, and rushed purchasing decisions, with sites registered weeks in advance and pushed hardest when official tickets are sold out.

    Pulse ID: 6a55e306b92e2ed9438ab45f
    Pulse Link: otx.alienvault.com/pulse/6a55e
    Pulse Author: AlienVault
    Created: 2026-07-14 07:19:34

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Biometric #CyberSecurity #InfoSec #Mimic #OTX #OpenThreatExchange #RAT #SocialEngineering #bot #AlienVault

  13. Tomorrowland 2026, Belgium: People of Tomorrow, Targets of Today

    Tomorrowland Belgium 2026, spanning two weekends in July at De Schorre in Boom, sold out rapidly, creating opportunities for cybercriminals. Investigation uncovered approximately a dozen fraudulent websites impersonating the festival brand to target ticket seekers and travellers. These scams include fake ticket shops mimicking official sales with countdown timers and fraudulent biometric checks, travel sites offering bogus accommodation and transport packages, and affiliate schemes. The operations harvest complete identity data, payment credentials, and personal information through sophisticated social engineering. Victims lose money with no recourse, face identity theft risks, and ultimately receive invalid or non-existent tickets. The scammers exploit high demand, tight supply, and rushed purchasing decisions, with sites registered weeks in advance and pushed hardest when official tickets are sold out.

    Pulse ID: 6a55e306b92e2ed9438ab45f
    Pulse Link: otx.alienvault.com/pulse/6a55e
    Pulse Author: AlienVault
    Created: 2026-07-14 07:19:34

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Biometric #CyberSecurity #InfoSec #Mimic #OTX #OpenThreatExchange #RAT #SocialEngineering #bot #AlienVault

  14. Tomorrowland 2026, Belgium: People of Tomorrow, Targets of Today

    Tomorrowland Belgium 2026, spanning two weekends in July at De Schorre in Boom, sold out rapidly, creating opportunities for cybercriminals. Investigation uncovered approximately a dozen fraudulent websites impersonating the festival brand to target ticket seekers and travellers. These scams include fake ticket shops mimicking official sales with countdown timers and fraudulent biometric checks, travel sites offering bogus accommodation and transport packages, and affiliate schemes. The operations harvest complete identity data, payment credentials, and personal information through sophisticated social engineering. Victims lose money with no recourse, face identity theft risks, and ultimately receive invalid or non-existent tickets. The scammers exploit high demand, tight supply, and rushed purchasing decisions, with sites registered weeks in advance and pushed hardest when official tickets are sold out.

    Pulse ID: 6a55e306b92e2ed9438ab45f
    Pulse Link: otx.alienvault.com/pulse/6a55e
    Pulse Author: AlienVault
    Created: 2026-07-14 07:19:34

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Biometric #CyberSecurity #InfoSec #Mimic #OTX #OpenThreatExchange #RAT #SocialEngineering #bot #AlienVault

  15. DATE: July 13, 2026 at 05:46PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    #Bipartisan House Bill Pushes #AI for #PediatricCancer Care: Would Create AI Coordinator, Expand Data Interoperability shttps://www.healthcareinfosecurity.com/bipartisan-house-bill-pushes-ai-for-pediatric-cancer-care-a-32216 #Cancerresearch @RepMcCaul @RepBera @MikeKellyPA

    Here are any URLs found in the article text:

    healthcareinfosecurity.com/bip

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  16. DATE: July 13, 2026 at 05:46PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    #Bipartisan House Bill Pushes #AI for #PediatricCancer Care: Would Create AI Coordinator, Expand Data Interoperability shttps://www.healthcareinfosecurity.com/bipartisan-house-bill-pushes-ai-for-pediatric-cancer-care-a-32216 #Cancerresearch @RepMcCaul @RepBera @MikeKellyPA

    Here are any URLs found in the article text:

    healthcareinfosecurity.com/bip

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  17. DATE: July 13, 2026 at 05:46PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    #Bipartisan House Bill Pushes #AI for #PediatricCancer Care: Would Create AI Coordinator, Expand Data Interoperability shttps://www.healthcareinfosecurity.com/bipartisan-house-bill-pushes-ai-for-pediatric-cancer-care-a-32216 #Cancerresearch @RepMcCaul @RepBera @MikeKellyPA

    Here are any URLs found in the article text:

    healthcareinfosecurity.com/bip

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  18. DATE: July 13, 2026 at 05:46PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    #Bipartisan House Bill Pushes #AI for #PediatricCancer Care: Would Create AI Coordinator, Expand Data Interoperability shttps://www.healthcareinfosecurity.com/bipartisan-house-bill-pushes-ai-for-pediatric-cancer-care-a-32216 #Cancerresearch @RepMcCaul @RepBera @MikeKellyPA

    Here are any URLs found in the article text:

    healthcareinfosecurity.com/bip

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  19. Sign here… and install an unwanted RMM

    A sophisticated phishing campaign impersonates DocuSign's branding to compromise victims through malicious JavaScript embedded in fraudulent webpages. The attack leverages social engineering to trick users into downloading MSI installers disguised as legitimate DocuSign updates or documents. These payloads establish remote access through legitimate Remote Monitoring and Management tools from Atera Network Ltd and ConnectWise/ScreenConnect. Investigation revealed extensive attacker infrastructure spanning hundreds of domains, with tracking mechanisms via Telegram bots collecting detailed victim telemetry including IP addresses, geolocation, ISP information, and user-agent strings. The campaign targets both Windows and macOS systems, utilizing deployment kits across multiple infrastructures with similar URL patterns and JavaScript mechanisms.

    Pulse ID: 6a512b20f12a5adf6bf2c1b3
    Pulse Link: otx.alienvault.com/pulse/6a512
    Pulse Author: AlienVault
    Created: 2026-07-10 17:25:52

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #ConnectWise #CyberSecurity #InfoSec #Java #JavaScript #Mac #MacOS #OTX #OpenThreatExchange #Phishing #SMS #ScreenConnect #SocialEngineering #Telegram #Windows #bot #AlienVault

  20. Sign here… and install an unwanted RMM

    A sophisticated phishing campaign impersonates DocuSign's branding to compromise victims through malicious JavaScript embedded in fraudulent webpages. The attack leverages social engineering to trick users into downloading MSI installers disguised as legitimate DocuSign updates or documents. These payloads establish remote access through legitimate Remote Monitoring and Management tools from Atera Network Ltd and ConnectWise/ScreenConnect. Investigation revealed extensive attacker infrastructure spanning hundreds of domains, with tracking mechanisms via Telegram bots collecting detailed victim telemetry including IP addresses, geolocation, ISP information, and user-agent strings. The campaign targets both Windows and macOS systems, utilizing deployment kits across multiple infrastructures with similar URL patterns and JavaScript mechanisms.

    Pulse ID: 6a512b20f12a5adf6bf2c1b3
    Pulse Link: otx.alienvault.com/pulse/6a512
    Pulse Author: AlienVault
    Created: 2026-07-10 17:25:52

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #ConnectWise #CyberSecurity #InfoSec #Java #JavaScript #Mac #MacOS #OTX #OpenThreatExchange #Phishing #SMS #ScreenConnect #SocialEngineering #Telegram #Windows #bot #AlienVault

  21. Sign here… and install an unwanted RMM

    A sophisticated phishing campaign impersonates DocuSign's branding to compromise victims through malicious JavaScript embedded in fraudulent webpages. The attack leverages social engineering to trick users into downloading MSI installers disguised as legitimate DocuSign updates or documents. These payloads establish remote access through legitimate Remote Monitoring and Management tools from Atera Network Ltd and ConnectWise/ScreenConnect. Investigation revealed extensive attacker infrastructure spanning hundreds of domains, with tracking mechanisms via Telegram bots collecting detailed victim telemetry including IP addresses, geolocation, ISP information, and user-agent strings. The campaign targets both Windows and macOS systems, utilizing deployment kits across multiple infrastructures with similar URL patterns and JavaScript mechanisms.

    Pulse ID: 6a512b20f12a5adf6bf2c1b3
    Pulse Link: otx.alienvault.com/pulse/6a512
    Pulse Author: AlienVault
    Created: 2026-07-10 17:25:52

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #ConnectWise #CyberSecurity #InfoSec #Java #JavaScript #Mac #MacOS #OTX #OpenThreatExchange #Phishing #SMS #ScreenConnect #SocialEngineering #Telegram #Windows #bot #AlienVault

  22. Sign here… and install an unwanted RMM

    A sophisticated phishing campaign impersonates DocuSign's branding to compromise victims through malicious JavaScript embedded in fraudulent webpages. The attack leverages social engineering to trick users into downloading MSI installers disguised as legitimate DocuSign updates or documents. These payloads establish remote access through legitimate Remote Monitoring and Management tools from Atera Network Ltd and ConnectWise/ScreenConnect. Investigation revealed extensive attacker infrastructure spanning hundreds of domains, with tracking mechanisms via Telegram bots collecting detailed victim telemetry including IP addresses, geolocation, ISP information, and user-agent strings. The campaign targets both Windows and macOS systems, utilizing deployment kits across multiple infrastructures with similar URL patterns and JavaScript mechanisms.

    Pulse ID: 6a512b20f12a5adf6bf2c1b3
    Pulse Link: otx.alienvault.com/pulse/6a512
    Pulse Author: AlienVault
    Created: 2026-07-10 17:25:52

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #ConnectWise #CyberSecurity #InfoSec #Java #JavaScript #Mac #MacOS #OTX #OpenThreatExchange #Phishing #SMS #ScreenConnect #SocialEngineering #Telegram #Windows #bot #AlienVault

  23. Sign here… and install an unwanted RMM

    A sophisticated phishing campaign impersonates DocuSign's branding to compromise victims through malicious JavaScript embedded in fraudulent webpages. The attack leverages social engineering to trick users into downloading MSI installers disguised as legitimate DocuSign updates or documents. These payloads establish remote access through legitimate Remote Monitoring and Management tools from Atera Network Ltd and ConnectWise/ScreenConnect. Investigation revealed extensive attacker infrastructure spanning hundreds of domains, with tracking mechanisms via Telegram bots collecting detailed victim telemetry including IP addresses, geolocation, ISP information, and user-agent strings. The campaign targets both Windows and macOS systems, utilizing deployment kits across multiple infrastructures with similar URL patterns and JavaScript mechanisms.

    Pulse ID: 6a512b20f12a5adf6bf2c1b3
    Pulse Link: otx.alienvault.com/pulse/6a512
    Pulse Author: AlienVault
    Created: 2026-07-10 17:25:52

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #ConnectWise #CyberSecurity #InfoSec #Java #JavaScript #Mac #MacOS #OTX #OpenThreatExchange #Phishing #SMS #ScreenConnect #SocialEngineering #Telegram #Windows #bot #AlienVault

  24. Operation Capsule Vault: RokRAT Attack Chain Analysis Using EMBED_PAYLOAD_v2

    A sophisticated spear-phishing campaign targeted individuals in research, policy, and academic fields through emails disguised as materials from an actual academic conference. The attack leveraged a cloud storage link delivering a malicious ISO file containing a PIF executable disguised as a PDF document. The multi-stage loader used EMBED_PAYLOAD_v2 structure to embed both legitimate documents and malicious payloads, which were sequentially extracted and executed in memory. Shellcode injection into explorer.exe ultimately deployed a RokRAT variant communicating with cloud-based C2 infrastructure via pCloud, Dropbox, and Yandex Cloud. The campaign demonstrated advanced social engineering by exploiting information from a real event, combined with sophisticated evasion techniques including process injection and cloud-based command-and-control operations. Attribution analysis linked the activity to APT37 based on infrastructure overlap, code similarities, and operational patterns.

    Pulse ID: 6a5414fab18f9d7456d7eda8
    Pulse Link: otx.alienvault.com/pulse/6a541
    Pulse Author: AlienVault
    Created: 2026-07-12 22:28:10

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #Cloud #CodeInjection #CyberSecurity #Dropbox #Email #InfoSec #OTX #OpenThreatExchange #PDF #Phishing #RAT #ShellCode #SocialEngineering #SpearPhishing #bot #pCloud #AlienVault

  25. Operation Capsule Vault: RokRAT Attack Chain Analysis Using EMBED_PAYLOAD_v2

    A sophisticated spear-phishing campaign targeted individuals in research, policy, and academic fields through emails disguised as materials from an actual academic conference. The attack leveraged a cloud storage link delivering a malicious ISO file containing a PIF executable disguised as a PDF document. The multi-stage loader used EMBED_PAYLOAD_v2 structure to embed both legitimate documents and malicious payloads, which were sequentially extracted and executed in memory. Shellcode injection into explorer.exe ultimately deployed a RokRAT variant communicating with cloud-based C2 infrastructure via pCloud, Dropbox, and Yandex Cloud. The campaign demonstrated advanced social engineering by exploiting information from a real event, combined with sophisticated evasion techniques including process injection and cloud-based command-and-control operations. Attribution analysis linked the activity to APT37 based on infrastructure overlap, code similarities, and operational patterns.

    Pulse ID: 6a5414fab18f9d7456d7eda8
    Pulse Link: otx.alienvault.com/pulse/6a541
    Pulse Author: AlienVault
    Created: 2026-07-12 22:28:10

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #Cloud #CodeInjection #CyberSecurity #Dropbox #Email #InfoSec #OTX #OpenThreatExchange #PDF #Phishing #RAT #ShellCode #SocialEngineering #SpearPhishing #bot #pCloud #AlienVault

  26. Operation Capsule Vault: RokRAT Attack Chain Analysis Using EMBED_PAYLOAD_v2

    A sophisticated spear-phishing campaign targeted individuals in research, policy, and academic fields through emails disguised as materials from an actual academic conference. The attack leveraged a cloud storage link delivering a malicious ISO file containing a PIF executable disguised as a PDF document. The multi-stage loader used EMBED_PAYLOAD_v2 structure to embed both legitimate documents and malicious payloads, which were sequentially extracted and executed in memory. Shellcode injection into explorer.exe ultimately deployed a RokRAT variant communicating with cloud-based C2 infrastructure via pCloud, Dropbox, and Yandex Cloud. The campaign demonstrated advanced social engineering by exploiting information from a real event, combined with sophisticated evasion techniques including process injection and cloud-based command-and-control operations. Attribution analysis linked the activity to APT37 based on infrastructure overlap, code similarities, and operational patterns.

    Pulse ID: 6a5414fab18f9d7456d7eda8
    Pulse Link: otx.alienvault.com/pulse/6a541
    Pulse Author: AlienVault
    Created: 2026-07-12 22:28:10

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #Cloud #CodeInjection #CyberSecurity #Dropbox #Email #InfoSec #OTX #OpenThreatExchange #PDF #Phishing #RAT #ShellCode #SocialEngineering #SpearPhishing #bot #pCloud #AlienVault

  27. Operation Capsule Vault: RokRAT Attack Chain Analysis Using EMBED_PAYLOAD_v2

    A sophisticated spear-phishing campaign targeted individuals in research, policy, and academic fields through emails disguised as materials from an actual academic conference. The attack leveraged a cloud storage link delivering a malicious ISO file containing a PIF executable disguised as a PDF document. The multi-stage loader used EMBED_PAYLOAD_v2 structure to embed both legitimate documents and malicious payloads, which were sequentially extracted and executed in memory. Shellcode injection into explorer.exe ultimately deployed a RokRAT variant communicating with cloud-based C2 infrastructure via pCloud, Dropbox, and Yandex Cloud. The campaign demonstrated advanced social engineering by exploiting information from a real event, combined with sophisticated evasion techniques including process injection and cloud-based command-and-control operations. Attribution analysis linked the activity to APT37 based on infrastructure overlap, code similarities, and operational patterns.

    Pulse ID: 6a5414fab18f9d7456d7eda8
    Pulse Link: otx.alienvault.com/pulse/6a541
    Pulse Author: AlienVault
    Created: 2026-07-12 22:28:10

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #Cloud #CodeInjection #CyberSecurity #Dropbox #Email #InfoSec #OTX #OpenThreatExchange #PDF #Phishing #RAT #ShellCode #SocialEngineering #SpearPhishing #bot #pCloud #AlienVault

  28. Operation Capsule Vault: RokRAT Attack Chain Analysis Using EMBED_PAYLOAD_v2

    A sophisticated spear-phishing campaign targeted individuals in research, policy, and academic fields through emails disguised as materials from an actual academic conference. The attack leveraged a cloud storage link delivering a malicious ISO file containing a PIF executable disguised as a PDF document. The multi-stage loader used EMBED_PAYLOAD_v2 structure to embed both legitimate documents and malicious payloads, which were sequentially extracted and executed in memory. Shellcode injection into explorer.exe ultimately deployed a RokRAT variant communicating with cloud-based C2 infrastructure via pCloud, Dropbox, and Yandex Cloud. The campaign demonstrated advanced social engineering by exploiting information from a real event, combined with sophisticated evasion techniques including process injection and cloud-based command-and-control operations. Attribution analysis linked the activity to APT37 based on infrastructure overlap, code similarities, and operational patterns.

    Pulse ID: 6a5414fab18f9d7456d7eda8
    Pulse Link: otx.alienvault.com/pulse/6a541
    Pulse Author: AlienVault
    Created: 2026-07-12 22:28:10

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #Cloud #CodeInjection #CyberSecurity #Dropbox #Email #InfoSec #OTX #OpenThreatExchange #PDF #Phishing #RAT #ShellCode #SocialEngineering #SpearPhishing #bot #pCloud #AlienVault

  29. Experiment of the week.

    We've submitted Episode 16, "GDPR Enters the Chat", to The Pod Radar to see how our podcast performs on a community-driven discovery platform.

    If you've listened to the episode and feel it deserves a recommendation, we'd appreciate your vote. It's a small gesture that can help other IT professionals discover the show.

    Link: thepodradar.com/episode/8d5b7b

    #Podcast #Technology #CyberSecurity #InformationSecurity #SocialEngineering #GDPR

  30. Experiment of the week.

    We've submitted Episode 16, "GDPR Enters the Chat", to The Pod Radar to see how our podcast performs on a community-driven discovery platform.

    If you've listened to the episode and feel it deserves a recommendation, we'd appreciate your vote. It's a small gesture that can help other IT professionals discover the show.

    Link: thepodradar.com/episode/8d5b7b

    #Podcast #Technology #CyberSecurity #InformationSecurity #SocialEngineering #GDPR

  31. Experiment of the week.

    We've submitted Episode 16, "GDPR Enters the Chat", to The Pod Radar to see how our podcast performs on a community-driven discovery platform.

    If you've listened to the episode and feel it deserves a recommendation, we'd appreciate your vote. It's a small gesture that can help other IT professionals discover the show.

    Link: thepodradar.com/episode/8d5b7b

    #Podcast #Technology #CyberSecurity #InformationSecurity #SocialEngineering #GDPR

  32. Experiment of the week.

    We've submitted Episode 16, "GDPR Enters the Chat", to The Pod Radar to see how our podcast performs on a community-driven discovery platform.

    If you've listened to the episode and feel it deserves a recommendation, we'd appreciate your vote. It's a small gesture that can help other IT professionals discover the show.

    Link: thepodradar.com/episode/8d5b7b

    #Podcast #Technology #CyberSecurity #InformationSecurity #SocialEngineering #GDPR

  33. Experiment of the week.

    We've submitted Episode 16, "GDPR Enters the Chat", to The Pod Radar to see how our podcast performs on a community-driven discovery platform.

    If you've listened to the episode and feel it deserves a recommendation, we'd appreciate your vote. It's a small gesture that can help other IT professionals discover the show.

    Link: thepodradar.com/episode/8d5b7b

  34. No "human verification" thing on a website login will ask you to paste some command into a terminal. Anyone who does that is asking for consequences. #SocialEngineering

  35. No "human verification" thing on a website login will ask you to paste some command into a terminal. Anyone who does that is asking for consequences. #SocialEngineering

  36. No "human verification" thing on a website login will ask you to paste some command into a terminal. Anyone who does that is asking for consequences. #SocialEngineering

  37. DATE: July 10, 2026 at 05:23PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    #AI Threats Put #Healthcare Vendors in #Hackers' Crosshairs: #HIPAA #BusinessAssociates Tied to 50% of #DataBreach Victims as #AI-Aided Attacks Loom t.co/BM2ieuq230 #wallofshame @HHSOCR

    Here are any URLs found in the article text:

    t.co/BM2ieuq230

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  38. DATE: July 10, 2026 at 05:23PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    #AI Threats Put #Healthcare Vendors in #Hackers' Crosshairs: #HIPAA #BusinessAssociates Tied to 50% of #DataBreach Victims as #AI-Aided Attacks Loom t.co/BM2ieuq230 #wallofshame @HHSOCR

    Here are any URLs found in the article text:

    t.co/BM2ieuq230

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  39. DATE: July 10, 2026 at 05:23PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    #AI Threats Put #Healthcare Vendors in #Hackers' Crosshairs: #HIPAA #BusinessAssociates Tied to 50% of #DataBreach Victims as #AI-Aided Attacks Loom t.co/BM2ieuq230 #wallofshame @HHSOCR

    Here are any URLs found in the article text:

    t.co/BM2ieuq230

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  40. DATE: July 10, 2026 at 05:23PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    #AI Threats Put #Healthcare Vendors in #Hackers' Crosshairs: #HIPAA #BusinessAssociates Tied to 50% of #DataBreach Victims as #AI-Aided Attacks Loom t.co/BM2ieuq230 #wallofshame @HHSOCR

    Here are any URLs found in the article text:

    t.co/BM2ieuq230

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  41. DATE: July 10, 2026 at 05:18PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    Why #AI Can't Fix Broken #Healthcare Processes, Bad Data: Peter Justen of #AmeriTrustSolutions on How Data Integrity Affects Benefits Administration t.co/i9vDNxCIyn

    Here are any URLs found in the article text:

    t.co/i9vDNxCIyn

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  42. DATE: July 10, 2026 at 05:18PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    Why #AI Can't Fix Broken #Healthcare Processes, Bad Data: Peter Justen of #AmeriTrustSolutions on How Data Integrity Affects Benefits Administration t.co/i9vDNxCIyn

    Here are any URLs found in the article text:

    t.co/i9vDNxCIyn

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  43. DATE: July 10, 2026 at 05:18PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    Why #AI Can't Fix Broken #Healthcare Processes, Bad Data: Peter Justen of #AmeriTrustSolutions on How Data Integrity Affects Benefits Administration t.co/i9vDNxCIyn

    Here are any URLs found in the article text:

    t.co/i9vDNxCIyn

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  44. DATE: July 10, 2026 at 05:18PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    Why #AI Can't Fix Broken #Healthcare Processes, Bad Data: Peter Justen of #AmeriTrustSolutions on How Data Integrity Affects Benefits Administration t.co/i9vDNxCIyn

    Here are any URLs found in the article text:

    t.co/i9vDNxCIyn

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  45. Fake Banking Rewards, Telegram Delivery and Albiriox: Anatomy of an Android Malware Campaign

    A malicious campaign was detected impersonating an Italian banking brand through a fraudulent domain offering fake financial rewards for installing a mobile application. Users are redirected to a Telegram bot that distributes a malicious Android APK outside official app stores. The APK functions as a dropper containing an embedded second-stage payload identified as Albiriox, an Android banking Remote Access Trojan. This payload exploits Accessibility services, implements overlay attacks, intercepts SMS messages, captures credentials, and enables remote device control through a custom TCP-based command-and-control protocol. The infrastructure uses domain impersonation and social engineering with financial incentives to distribute the malware. Communication occurs via raw TCP sockets to endpoints on ports 5555 and 5552, with JSON messages framed using big-endian length prefixes. Attribution to Albiriox is supported by protocol similarities, behavioral patterns, and comparison with known Albiriox samples.

    Pulse ID: 6a501da5e79e415cb0ec861e
    Pulse Link: otx.alienvault.com/pulse/6a501
    Pulse Author: AlienVault
    Created: 2026-07-09 22:16:05

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #Android #Bank #CyberSecurity #Endpoint #InfoSec #Italian #Malware #NATO #OTX #OpenThreatExchange #RCE #RemoteAccessTrojan #SMS #SocialEngineering #TCP #Telegram #Trojan #bot #AlienVault

  46. Fake Banking Rewards, Telegram Delivery and Albiriox: Anatomy of an Android Malware Campaign

    A malicious campaign was detected impersonating an Italian banking brand through a fraudulent domain offering fake financial rewards for installing a mobile application. Users are redirected to a Telegram bot that distributes a malicious Android APK outside official app stores. The APK functions as a dropper containing an embedded second-stage payload identified as Albiriox, an Android banking Remote Access Trojan. This payload exploits Accessibility services, implements overlay attacks, intercepts SMS messages, captures credentials, and enables remote device control through a custom TCP-based command-and-control protocol. The infrastructure uses domain impersonation and social engineering with financial incentives to distribute the malware. Communication occurs via raw TCP sockets to endpoints on ports 5555 and 5552, with JSON messages framed using big-endian length prefixes. Attribution to Albiriox is supported by protocol similarities, behavioral patterns, and comparison with known Albiriox samples.

    Pulse ID: 6a501da5e79e415cb0ec861e
    Pulse Link: otx.alienvault.com/pulse/6a501
    Pulse Author: AlienVault
    Created: 2026-07-09 22:16:05

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #Android #Bank #CyberSecurity #Endpoint #InfoSec #Italian #Malware #NATO #OTX #OpenThreatExchange #RCE #RemoteAccessTrojan #SMS #SocialEngineering #TCP #Telegram #Trojan #bot #AlienVault

  47. Fake Banking Rewards, Telegram Delivery and Albiriox: Anatomy of an Android Malware Campaign

    A malicious campaign was detected impersonating an Italian banking brand through a fraudulent domain offering fake financial rewards for installing a mobile application. Users are redirected to a Telegram bot that distributes a malicious Android APK outside official app stores. The APK functions as a dropper containing an embedded second-stage payload identified as Albiriox, an Android banking Remote Access Trojan. This payload exploits Accessibility services, implements overlay attacks, intercepts SMS messages, captures credentials, and enables remote device control through a custom TCP-based command-and-control protocol. The infrastructure uses domain impersonation and social engineering with financial incentives to distribute the malware. Communication occurs via raw TCP sockets to endpoints on ports 5555 and 5552, with JSON messages framed using big-endian length prefixes. Attribution to Albiriox is supported by protocol similarities, behavioral patterns, and comparison with known Albiriox samples.

    Pulse ID: 6a501da5e79e415cb0ec861e
    Pulse Link: otx.alienvault.com/pulse/6a501
    Pulse Author: AlienVault
    Created: 2026-07-09 22:16:05

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #Android #Bank #CyberSecurity #Endpoint #InfoSec #Italian #Malware #NATO #OTX #OpenThreatExchange #RCE #RemoteAccessTrojan #SMS #SocialEngineering #TCP #Telegram #Trojan #bot #AlienVault