Russian hackers exploit Signal's "linked devices" for phishing and malware.
#Russia #Signal #phishing #malware
https://cnews.link/russian-hackers-targeting-signal-spying-1/
The Browser as a New Cybersecurity Battleground: Evolving Threats and Defense Strategies
As cybercriminals shift their focus to browser-based attacks, traditional security measures are proving inadequate. This article explores the emerging threats within browsers and the need for innovati...
The attack is carried out through users following instructions, such as downloading a REG file that adds a #malicious script to Autorun. While exploiting Autorun has been rarely used recently, we found a sample actively using this method.
Upon system reboot, the #VBS file launches #PowerShell, triggering an execution chain that ultimately infects the operating system with #malware.
This puts organizations at risk by allowing attackers to evade detection, potentially leading to data breaches and access to sensitive data. #ANYRUN Sandbox offers full control over the VM, which allows you to interact with malware and manipulate its behavior.
https://app.any.run/tasks/068db7e4-6ff2-439a-bee8-06efa7abfabc/?utm_source=mastodon&utm_medium=post&utm_campaign=stegocampaign&utm_term=190225&utm_content=linktoservice
https://app.any.run/tasks/f9f07ae8-343f-4ea5-9499-a18f7c8534ef/?utm_source=mastodon&utm_medium=post&utm_campaign=stegocampaign&utm_term=190225&utm_content=linktoservice
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=stegocampaign&utm_content=linktoti&utm_term=190225#%7B%22query%22:%22domainName:%5C%22filemail.com$%5C%22%22,%22dateRange%22:180%7D
Analyze and investigate the latest malware and phishing threats with #ANYRUN
Darktrace Releases Annual 2024 Threat Insights https://darktrace.com/blog/darktrace-releases-annual-2024-threat-insights @darktracer_int
More:
Betanews: Malware-as-a-Service accounts for 57 percent of all threats https://betanews.com/2025/02/19/malware-as-a-service-accounts-for-57-percent-of-all-threats/ @betanews @iandbarker #cybersecurity #infosec #malware
Malware-as-a-Service accounts for 57 percent of all threats #Malware #CyberSecurity
https://betanews.com/2025/02/19/malware-as-a-service-accounts-for-57-percent-of-all-threats/
Hackers use Google Docs and other trusted platforms to stealthily control data-stealing malware.
New FrigidStealer macOS Malware Distributed as Fake Browser Update https://www.securityweek.com/new-frigidstealer-macos-malware-distributed-as-fake-browser-update/ #Malware&Threats #FrigidStealer #macOSmalware #malware
Here’s a reminder of what’s new for "authenticated" users:
... and much more!
Time for a break from asking you to fill in our little survey about reliability of computer evidence ( https://forms.gle/ZiXtaE8LoCAY4Vbo6 ).
We've been commissioned to do some work on "judicial malware" - the deployment of something that looks like malware in order to retrieve evidence. What are the questions we should be asking? (and what are your answers?)
Points theft at the supermarket: cybercriminals steal Rewe bonus points
Crooks are currently using a shared-collecting feature in a bonus app to steal credit and cash it in at the store. What is behind the scam.
#Cyberangriffe #Datenschutz #Malware #Datendiebstahl #Datenklau #eCommerce #Magecart #Magento #Skimming https://sc.tarnkappe.info/addaeb
How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying https://www.securityweek.com/how-russian-hackers-are-exploiting-signals-linked-devices-for-real-time-spying/ #Malware&Threats #SignalMessenger #cyberespionage #NationState #Featured #Mandiant #Sandworm #QRcode #APT44
Beware of pirated games: Garry's Mod and BeamNG.drive infected with 'miners'
FinalDraft: a malware that uses Outlook e-mail drafts to communicate! https://www.it-connect.fr/finaldraft-malware-utilise-brouillons-e-mails-outlook-pour-communiquer/ #ActuCybersécurité #Cybersécurité #Malware #Outlook
Malware: XCSSET is back, according to Microsoft http://dlvr.it/TJ3pJg #Malware #XCSSET
Cybersecurity researchers have shed light on a new Golang-based #backdoor that uses Telegram as a mechanism for command-and-control (C2) communications. The #malware could be of Russian origin.
https://thehackernews.com/2025/02/new-golang-based-backdoor-uses-telegram.html
Zhong Stealer Analysis: New Malware Targeting Fintech and Cryptocurrency
A new malware called Zhong Stealer has been identified targeting the cryptocurrency and fintech sectors through a phishing campaign. The attackers exploited chat support platforms, posing as customers to trick agents into downloading the malware. Zhong Stealer's execution flow involves multiple stages, including initial contact, downloader execution, persistence establishment, reconnaissance, credential theft, and data exfiltration. The malware uses various tactics such as disabling event logging, modifying registry keys, harvesting credentials, scheduling tasks, and communicating via non-standard ports. It exfiltrates stolen data to a command-and-control server in Hong Kong. Organizations are advised to train support teams, restrict file execution, monitor network traffic, and use real-time analysis tools to protect against this threat.
Pulse ID: 67b50f00d0d71213b3bbc065
Pulse Link: https://otx.alienvault.com/pulse/67b50f00d0d71213b3bbc065
Pulse Author: AlienVault
Created: 2025-02-18 22:51:44
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Malicious Signal, Line, and Gmail Installers Target Chinese-Speaking Users with Backdoors
A malicious campaign is targeting Chinese-speaking users by distributing backdoored executables through fake download pages for popular apps like Signal, Line, and Gmail. The attackers use seemingly unrelated domain names and rely on search engine manipulation to lure victims. The malware follows a consistent execution pattern, involving temporary file extraction, process injection, security modifications, and network communications. It exhibits infostealer-like functionality and has been identified as 'MicroClip'. The campaign uses centralized infrastructure hosted on Alibaba servers in Hong Kong. Users are advised to be cautious of unofficial download sites and verify software sources to protect against such threats.
Pulse ID: 67b50f055ec9320f1c0ce50c
Pulse Link: https://otx.alienvault.com/pulse/67b50f055ec9320f1c0ce50c
Pulse Author: AlienVault
Created: 2025-02-18 22:51:49
Be advised, this data is unverified and should be considered preliminary. Always do further verification.