Accountability and Advertising - Cyber Security Informer

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages.

Advertising

Advertising Accountability Phishing Scams

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

. “The Saim Raza-run websites operated as marketplaces that advertised and facilitated the sale of tools such as phishing kits, scam pages and email extractors often used to build and maintain fraud operations,” the DOJ explained.

Phishing

Phishing Cybercrime Advertising Malware

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

.” “That said, the phishing attacks stem from partners’ machines being compromised with malware, which has enabled them to also gain access to the partners’ accounts and to send the messages that your reader has flagged,” they continued. SecureWorks said these attacks had been going on since at least March 2023.

Phishing

Phishing Accountability Cybercrime Artificial Intelligence

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Silent Push said Araneida is being advertised by an eponymous user on multiple cybercrime forums. ” According to Intel 471, this same Discord account was advertised in 2019 by a person on the cybercrime forum Cracked who used the monikers “ ORN ” and “ ori0n.” 2023 on the forum Cracked.

Hacking

Hacking Cybercrime Advertising Data breaches

Fintech Giant Finastra Investigating Data Breach

Krebs on Security

NOVEMBER 19, 2024

The original October 31 post from abyss0, where they advertise the sale of data from several large banks that are customers of a large financial software company. A review of abyss0’s posts to BreachForums reveals this user has offered to sell databases stolen in several dozen other breaches advertised over the past six months.

Data breaches

Data breaches Banking Cybercrime Advertising

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. The phishers also abused legitimate Google services to send Tony an email from google.com, and to send a Google account recovery prompt to all of his signed-in devices.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

Krebs on Security

MAY 7, 2025

com were paid for by the same account advertising a number of scam websites selling logo and web design services. Those website names were then fed into spyfu.com , a competitive intelligence company that tracks the reach and performance of advertising keywords. The Google ads promoting quranmasteronline[.]com

Scams

Scams Marketing Advertising Technology

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

The 122 services targeted in Sanders’ research include some of the more prominent businesses advertising on the cybercrime forums today, such as: -abuse-friendly or “bulletproof” hosting providers like anonvm[.]wtf, wtf, and PQHosting ; -sites selling aged email, financial, or social media accounts, such as verif[.]work

Cryptocurrency

Cryptocurrency Banking Cybercrime Advertising

Fake bank ads on Instagram scam victims out of money

Malwarebytes

JUNE 18, 2025

From there, it’s likely the scammers will empty the bank account and move on to their next victim. These scammers demand immediate payment or action to avoid further impacts, which can dupe individuals into inadvertently sending money to a fraudulent account. On X we see invites like these several times a week.

Banking

Banking Scams Advertising Identity Theft

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Security Affairs

NOVEMBER 24, 2024

Stolen information offered for sale on the carding website included bank account, credit card, and debit card numbers and associated information for conducting transactions. seized $283,000 in cryptocurrency from an account linked to Sami as part of actions against the illicit activities of PopeyeTools. million in revenue.

Cybercrime

Cybercrime Cryptocurrency Banking Accountability

Repeat offenders drive bulk of tech support scams via Google Ads

Malwarebytes

DECEMBER 3, 2024

While hard to measure precisely, tech support scams accounted for $924M, according to the FBI’s 2023 Internet Crime Report. We’ve identified specific advertiser accounts that make up the bulk of fraudulent ads we have reported to Google this past year.

Scams

Scams Advertising Accountability Engineering

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Krebs on Security

FEBRUARY 4, 2025

In addition, the government seized the domain names for two popular anonymity services that were heavily advertised on Cracked and Nulled and allowed customers to rent virtual servers: StarkRDP[.]io The email address used for those accounts was f.grimpe@gmail.com. io , and rdp[.]sh. lol and nulled[.]it.

eCommerce

eCommerce Cybercrime Accountability Hacking

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

Security Affairs

NOVEMBER 29, 2024

Rockstar 2FA targets Microsoft 365 accounts and bypasses multi-factor authentication with adversary-in-the-middle (AitM) attacks. Authors advertise Rockstar 2FA as a phishing-as-a-service toolkit that bypasses 2FA, harvests cookies, and features FUD links, antibot tools, and custom themes. ” concludes the report.

Phishing

Phishing Accountability Authentication Advertising

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

” Fake file converters and download tools may perform advertised tasks but can provide resulting files containing hidden malware, giving criminals access to victims’ devices. If users fall victim to this scam, immediately contact their financial institutions, secure their accounts, and change all passwords using a trusted device.

Malware

Malware Scams Identity Theft Antivirus

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

That investigation detailed how the 38-year-old Shefel adopted the nickname Rescator while working as vice president of payments at ChronoPay , a Russian financial company that paid spammers to advertise fake antivirus scams, male enhancement drugs and knockoff pharmaceuticals. “Hi, how are you?” ” he inquired.

Advertising

Advertising Retail Cryptocurrency Cybercrime

Election season raises fears for nearly a third of people who worry their vote could be leaked

Malwarebytes

OCTOBER 15, 2024

Unlike any other season in America, election season might bring the highest volume of advertisements sent directly to people’s homes, phones, and email accounts—and the accuracy and speed at which they come can feel invasive. The reasons could be obvious. Instead, it may point to how people interpret “cyber interference.

Scams

Scams Identity Theft Cybercrime Accountability

Is nowhere safe from AI slop? (Lock and Code S05E27)

Malwarebytes

DECEMBER 30, 2024

To rack up millions of views, a fall aesthetic account on X might post an AI-generated image of a candle-lit caf table overlooking a rainy, romantic street. Or, to sway public opinion, a social media account may post an AI-generated image of a child stranded during a flood with the caption Our government has failed us again.

Accountability

Accountability Advertising Media Government

Android devices track you before you even sign in

Malwarebytes

MARCH 12, 2025

Google is spying on Android users, starting from even before they have logged in to their Google account. The researchers found that multiple identifiers are used to track the user of an Android handset, even before they have opened a Google app or signed in to their Google account. Ever considered not telling them who I am?

Advertising

Advertising Accountability Marketing Engineering

Happy 15th Anniversary, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2024

Much of my summer was spent reporting a story about how advertising and marketing firms have created a global free-for-all where anyone can track the daily movements and associations of hundreds of millions of mobile devices , thanks to the ubiquity of mobile location data that is broadly and cheaply available.

Scams

Scams Cybercrime Cryptocurrency Social Engineering

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

Security Affairs

DECEMBER 18, 2024

The Irish Data Protection Commission (DPC) fined Meta 251 million ($263M) for a 2018 data breach impacting 29 million Facebook accounts. “This data breach impacted approximately 29 million Facebook accounts globally, of which approximately 3 million were based in the EU/EEA. ” reads the press release published by DPC.

Data breaches

Data breaches Accountability Risk Advertising

23andMe bankruptcy: How to delete your data and stay safe from the 2023 breach

Malwarebytes

MARCH 25, 2025

That has worried some experts who have pointed out that a new owner could, for instance, hand over customer data to insurance companies to hike up monthly premiums, or to data brokers to power increasingly invasive, targeted advertising. Under Settings , scroll to the section titled 23andMe data. Select View. Take your time.

Passwords

Passwords Data breaches Accountability Phishing

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

Security Affairs

NOVEMBER 29, 2024

Rockstar 2FA targets Microsoft 365 accounts and bypasses multi-factor authentication with adversary-in-the-middle (AitM) attacks. Authors advertise Rockstar 2FA as a phishing-as-a-service toolkit that bypasses 2FA, harvests cookies, and features FUD links, antibot tools, and custom themes. ” concludes the report.

Phishing

Phishing Accountability Authentication Advertising

March Madness Meets Cyber Mayhem: How Cybercriminals Are Playing Offense this Season

SecureWorld News

MARCH 20, 2025

Attackers are mimicking tournament brackets, betting promotions, and registration formstricking users into handing over credentials or linking bank accounts to fraudulent sites. A simple click on what seems like an innocent bracket challenge or promo offer can lead to compromised financial accounts before tipoff.

Scams

Scams Social Engineering Phishing Mobile

4.7 million customers’ data accidentally leaked to Google by Blue Shield of California

Malwarebytes

APRIL 24, 2025

The tech giant may have used this data for targeted advertising, according to Blue Shield, which is one of the largest health insurers in the US. In this case, a simple misconfiguration shared data with an entitythat already knows so much about usthat then used the information for targeted advertising. Take your time.

Insurance

Insurance Data breaches Passwords Phishing

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Security Affairs

FEBRUARY 2, 2025

The Saim Raza group run multiple marketplaces that advertised and facilitated the sale of hacking and fraud tools, including malware, phishing kits and email extractors. The HeartSender group advertised its tools as fully undetectable by antispam software. . These tools are essential components to build and run fraud operations.

Cybercrime

Cybercrime Advertising Phishing Hacking

DNA testing company vanishes along with its customers’ genetic data

Malwarebytes

NOVEMBER 12, 2024

All the company’s social media accounts haven’t been updated since 2023 at the latest. This makes the information a treasure trove for advertisers, insurance companies, and Big Pharma. Lie if you must and create a separate free email account so the information can’t be tied to your main account.

Insurance

Insurance Accountability Risk Data breaches

Semrush impersonation scam hits Google Ads

Malwarebytes

MARCH 20, 2025

This blog post was co-authored with Elie Berreby, Senior SEO Strategist Criminals are highly interested in online marketing and advertising tools that they can leverage as part of their ongoing malware campaigns. We believe this is because the threat actors are primarily interested in harvesting Google accounts.

Scams

Scams Accountability Phishing Advertising

GUESST ESSAY: Cybercrime for hire: small businesses are the new bullseye of the Dark Web

The Last Watchdog

MAY 15, 2025

Small businesses make up 90% of all companies worldwide and account for half of global GDP. Recent Guardz research shows that more than 15% of the tools advertised on dark web forums target vulnerabilities like EternalBlue , a known Windows flaw dating back to 2017 that still hasnt been fully remediated across the globe.

Small Business

Small Business Cybercrime Cyber Insurance Phishing

Pakistan Arrests 21 in ‘Heartsender’ Malware Service

Krebs on Security

MAY 28, 2025

A report from the Pakistani media outlet Dawn states that authorities there arrested 21 people alleged to have operated Heartsender, a spam delivery service whose homepage openly advertised phishing kits targeting users of various Internet companies, including Microsoft 365, Yahoo, AOL, Intuit, iCloud and ID.me.

Malware

Malware Cybercrime Antivirus Scams

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

The Hacker News

MAY 14, 2025

This campaign specifically aims at hijacking high-value accounts, including those managing advertising and official brand pages. A new global phishing threat called "Meta Mirage" has been uncovered, targeting businesses using Meta's Business Suite.

Phishing

Phishing Advertising Accountability Cybersecurity

Fake AI Video Tools Spreading New “Noodlophile” Malware, Targets Thousands on Facebook

eSecurity Planet

MAY 11, 2025

Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms often advertised via legitimate-looking Facebook groups and viral social media campaigns, said Shmuel Uzan, a researcher at Morphisec. It often comes bundled with tools labeled Get Cookie + Pass, used for hijacking user accounts.

Malware

Malware Scams Media Artificial Intelligence

PayPal’s “no-code checkout” abused by scammers

Malwarebytes

FEBRUARY 27, 2025

Overview Scammers are creating ads impersonating PayPal from various advertiser accounts that may have been hacked. This is not a coincidence of course, and is why search advertising is worth billions of dollars. The ad displays the official website for PayPal, yet is completely fraudulent.

Scams

Scams Mobile Small Business Advertising

Urgent WordPress Alert: Motors Theme Flaw (CVE-2025-4322) Actively Exploited for Site Takeover

Penetration Testing

JUNE 20, 2025

This vulnerability makes it possible for an unauthenticated attacker to change the password of any user, including an administrator, which allows them to take over the account and the website ,” Wordfence warned in its blog post. user_id=3&hash_check=%80 POST /account/?user_id=1&hash_check=%25C0

Accountability

Accountability Passwords Penetration Testing Firewall

86 million AT&T customer records reportedly up for sale on the dark web

Zero Day

JUNE 6, 2025

Collectively, they could easily put affected customers at risk for account takeovers and identity theft. million former account holders. This leak reportedly included full names, dates of birth email addresses, mailing addresses, phone numbers, social security numbers, and AT&T account numbers. All rights reserved.

Password Management

Password Management Passwords Identity Theft Software

Romantic Lawsuit for Two? Don't Let Cybercriminals Scam You this Valentine's Day

SecureWorld News

FEBRUARY 14, 2025

And 2025 will be no different, as increasingly sophisticated online hackers seek to take advantage of Valentine's themed email traffic, social media advertisements, or marketing campaigns, and exploit heightened emotions and a desire to connect. Last year saw a 110% rise in cybercrime in the lead up to Valentine's Day.

Scams

Scams Cybercrime Phishing Social Engineering

QR codes sent in attachments are the new favorite for phishers

Malwarebytes

APRIL 3, 2025

Phones are also likely personal devices which provide attackers with a direct path to sensitive personal accounts. Personal email addresses would see generic advertising, but corporate email addresses would be prompted to log in with their Microsoft account.

Phishing

Phishing Banking Mobile Accountability

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

SecureList

NOVEMBER 6, 2024

While these droppers do have the advertised functionality, they also deliver sophisticated malware right onto the user’s computer. Malicious dropper advertisement SteelFox dropper In this research, we describe the sample imitating an activator for Foxit PDF Editor.

Software

Software Cryptocurrency Malware DNS

New AI “agents” could hold people for ransom in 2025

Malwarebytes

FEBRUARY 4, 2025

And yet, if artificial intelligence achieves what is called an agentic model in 2025, novel and boundless attacks could be within reach, as AI tools take on the roles of agents that independently discover vulnerabilities, steal logins, and pry into accounts. Importantly, the attack methods here are not new. But sometimes the AI pushes back.

Artificial Intelligence

Artificial Intelligence Small Business Malware Technology

Dark web threats and dark market predictions for 2025

SecureList

DECEMBER 16, 2024

In 2024, our expert observations indicate that commercial advertising for these cryptors have indeed gained momentum. In some cases, these attacks result in significant data breaches, such as the case where attackers allegedly accessed Ticketmaster’s Snowflake cloud account by breaching a third-party contractor.

Marketing

Marketing Data breaches Cryptocurrency Malware

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 20, 2024

CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog Nation-state actor exploited three Ivanti CSA zero-days Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’ macOS HM Surf flaw in TCC allows bypass Safari privacy settings Iran-linked actors target critical infrastructure organizations (..)

Data breaches

Data breaches Cybercrime Cyber Insurance Marketing

Threat Spotlight: Inside the World’s Fastest Rising Ransomware Operator — BlackLock

Digital Shadows

FEBRUARY 17, 2025

At first glance, BlackLocks advertisements on ransomware forums may seem similar to other big players, boasting multi-platform support and advanced encryption. The most notable observation was the sheer volume of activity on BlackLocks RAMP account. The table below shows the comparable engagement of other RaaS representatives.

Ransomware

Ransomware Malware Risk Accountability

Why SMS two-factor authentication codes aren't safe and what to use instead

Zero Day

JUNE 17, 2025

PT kontekbrothers/Getty We've probably all received confirmation codes sent via text message when trying to sign into an account. Those codes are supposed to serve as two-factor authentication to confirm our identity and prevent scammers from accessing our accounts through a password alone. All rights reserved.

Authentication

Authentication Password Management Small Business Passwords

IT threat evolution in Q3 2024. Non-mobile statistics

SecureList

NOVEMBER 29, 2024

The third quarter’s most prolific ransomware gang was RansomHub, which accounted for 17.75% of all victims. For example, AdWare.OSX.Angent.ap (9%) adds advertising links as browser bookmarks without the user’s knowledge. Adware and other potentially unwanted applications were as usual the most widespread threats for macOS.

Mobile

Mobile Adware Ransomware Malware

Triada strikes back

SecureList

APRIL 25, 2025

Malicious task code Initially, the malicious task tries to obtain the victim’s account details. Deserializing victim account details The malware sends the following user information to the C2 server if it has not done so previously: A serialized string containing the victim’s account details. db database.

Cryptocurrency

Cryptocurrency Malware Firmware Accountability

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Trending Sources

Booking.com Phishers May Leave You With Reservations

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Fintech Giant Finastra Investigating Data Breach

A Day in the Life of a Prolific Voice Phishing Crew

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

How Cryptocurrency Turns to Cash in Russian Banks

Fake bank ads on Instagram scam victims out of money

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Repeat offenders drive bulk of tech support scams via Google Ads

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

FBI warns of malicious free online document converters spreading malware

An Interview With the Target & Home Depot Hacker

Election season raises fears for nearly a third of people who worry their vote could be leaked

Is nowhere safe from AI slop? (Lock and Code S05E27)

Android devices track you before you even sign in

Happy 15th Anniversary, KrebsOnSecurity!

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

23andMe bankruptcy: How to delete your data and stay safe from the 2023 breach

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

March Madness Meets Cyber Mayhem: How Cybercriminals Are Playing Offense this Season

4.7 million customers’ data accidentally leaked to Google by Blue Shield of California

Law enforcement seized the domains of HeartSender cybercrime marketplaces

DNA testing company vanishes along with its customers’ genetic data

Semrush impersonation scam hits Google Ads

GUESST ESSAY: Cybercrime for hire: small businesses are the new bullseye of the Dark Web

Pakistan Arrests 21 in ‘Heartsender’ Malware Service

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

Fake AI Video Tools Spreading New “Noodlophile” Malware, Targets Thousands on Facebook

PayPal’s “no-code checkout” abused by scammers

Urgent WordPress Alert: Motors Theme Flaw (CVE-2025-4322) Actively Exploited for Site Takeover

86 million AT&T customer records reportedly up for sale on the dark web

Romantic Lawsuit for Two? Don't Let Cybercriminals Scam You this Valentine's Day

QR codes sent in attachments are the new favorite for phishers

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

New AI “agents” could hold people for ransom in 2025

Dark web threats and dark market predictions for 2025

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Threat Spotlight: Inside the World’s Fastest Rising Ransomware Operator — BlackLock

Why SMS two-factor authentication codes aren't safe and what to use instead

IT threat evolution in Q3 2024. Non-mobile statistics

Triada strikes back

Stay Connected