Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
mstdn.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A general-purpose Mastodon server with a 500 character limit. All languages are welcome.

Administered by:

Server stats:

16K
active users

mstdn.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.4

#infostealer

6 posts6 participants3 posts today
Public
OTX Bot

The Wagmi Manual: Copy, Paste, and Profit

The Wagmi traffer group, operating since early 2023, specializes in NFT scams and cryptocurrency theft. They utilize sophisticated social engineering tactics, fake web3-themed games, and impersonation of legitimate projects to lure victims. Their operations have allegedly earned over $2.4 million between June 2023 and March 2025. The group employs various techniques, including seed phrase phishing and automated wallet address scraping from social media. They target users of NFT marketplaces and the Web3 community, using fake job offers and enticing game promotions. The group also engages in code signing certificate abuse to bypass security measures and increase infection rates. Their malware payloads include HijackLoader, Lumma C2 infostealer, Rhadamanthys stealer, and AMOS stealer for MacOS.

Pulse ID: 67f4faa0ced84c07a0fad6d8
Pulse Link: otx.alienvault.com/pulse/67f4f
Pulse Author: AlienVault
Created: 2025-04-08 10:29:52

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#AMOS#CyberSecurity#HijackLoader
Public
OTX Bot

Vidar Stealer: Infostealer malware discovered in Steam game

A recent analysis uncovered a sophisticated deployment of Vidar Stealer, an infamous information-stealing malware, disguised as a legitimate Microsoft Sysinternals tool, BGInfo.exe. The malware, found with an expired Microsoft signature, was significantly larger than the original file and contained modified initialization routines. It creates virtual memory allocations to execute its malicious code, ultimately extracting and running Vidar Stealer. This variant maintains its core functionalities, including credential theft, cryptocurrency wallet targeting, session hijacking, and cloud data theft. The incident highlights the evolving tactics of cybercriminals, emphasizing the need for vigilant threat hunting and proactive security measures.

Pulse ID: 67f42a4eca9270b211468d90
Pulse Link: otx.alienvault.com/pulse/67f42
Pulse Author: AlienVault
Created: 2025-04-07 19:41:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#Cloud#CyberSecurity#DataTheft
Public
OTX Bot

BeaverTail and Tropidoor Malware Distributed via Recruitment Emails

A sophisticated malware campaign has been uncovered, involving the distribution of BeaverTail and Tropidoor malware through fake recruitment emails. The attackers, suspected to be of North Korean origin, impersonated a developer community to lure victims into downloading malicious code. The campaign utilizes a downloader disguised as 'car.dll' and BeaverTail malware masquerading as 'tailwind.config.js'. BeaverTail functions as an infostealer and downloader, targeting web browsers and cryptocurrency wallets. Tropidoor, a backdoor malware, establishes communication with command and control servers, allowing remote execution of various commands. The attack methodology shares similarities with previous North Korean campaigns, including the use of techniques reminiscent of the Lazarus group's LightlessCan malware.

Pulse ID: 67ef0692d6ed151e2be71213
Pulse Link: otx.alienvault.com/pulse/67ef0
Pulse Author: AlienVault
Created: 2025-04-03 22:07:14

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#BackDoor#Browser#CyberSecurity
Public
Opalsec :verified:

malicious npm packages (again) targeting cryptocurrency projects, CEOs cranky over CVEs, and BlackLock gets pantsed - here's your Friday wrap up in Infosec News 👇

🔗 opalsec.io/daily-news-update-f

Here's a quick rundown of what's inside:

📦 npm Package Nightmare: 10 packages compromised by an infostealer campaign targeting developer environments. Sensitive data was siphoned off to a remote host. Most of the packages are still available on npm, so be careful!
🦊 Firefox Flaw: A critical sandbox escape vulnerability (CVE-2025-2857) patched in Firefox 136.0.4. Windows users, update ASAP! This one's similar to a Chrome zero-day used in espionage campaigns.
🏥 Ransomware Reckoning: Advanced, a UK healthcare IT provider, slapped with a £3.1 million fine after a LockBit ransomware attack. Lack of vulnerability scanning and poor patch management were key factors.
🌐 Extension Exploitation: Browser extensions can be bought and repurposed, posing a sneaky threat to enterprises. An extension was bought for $50 and was quickly repurposed to redirect traffic.
⚡ Solar Scare: Dozens of vulnerabilities in solar inverters could let attackers disrupt power grids. Remote code execution, device takeover, and more are possible.
😠 CrushFTP Clash: CEO responds aggressively to VulnCheck after critical unauthenticated access vulnerability (CVE-2025-2825) is released. Vulnerability disclosure and patching processes need to be improved!
🕵️‍♀️ Pegasus in Serbia: Journalists targeted with Pegasus spyware, marking the third time in two years that Amnesty has found Pegasus deployed against Serbian civil society.
🤖 Mamont Malware: Russian authorities arrest three for developing the Mamont Android banking trojan. This malware steals financial data and spreads through Telegram.
🦹 Ransomware Reverse: Resecurity infiltrates the BlackLock ransomware gang, gathering intel to help victims. LFI vulnerability exploited, and data shared with authorities.

Stay vigilant out there, folks! 🛡️

Opalsec · Daily News Update: Friday, March 28, 2025 (Australia/Melbourne)Infostealer Campaign Compromises 10 npm Packages Ten npm packages were updated with malicious code to steal environment variables and other sensitive data from developers' systems. The campaign targeted multiple cryptocurrency-related packages, and the popular 'country-currency-map' package was downloaded thousands of times a week. All these packages, except for country-currency-map, are
#Cybersecurity#InfoSec#Vulnerability
Public
nemo™ 🇺🇦

Security researchers jailbroke AI chatbots to create a Chrome infostealer using a novel technique called "Immersive World." 😱 This method requires no prior malware coding knowledge, lowering the barrier for cybercriminals. 🤖💻 Read more on TechRadar! ➡️ techradar.com/pro/security/ai- #AI #security #cybersecurity #infostealer #newz

TechRadar pro · AI chatbots jailbroken to create a Chrome infostealerBy Ellen Jennings-Trace
ExploreLive feeds
About