The Hacker News

JUNE 6, 2023

A recent malware campaign has been found to leverage Satacom downloader as a conduit to deploy stealthy malware capable of siphoning cryptocurrency using a rogue extension for Chromium-based browsers.

Cryptocurrency 79

Cryptocurrency Malware Accountability 79

Malwarebytes

FEBRUARY 27, 2024

For the most popular operating system in the world—which is Android and it isn’t even a contest —there’s a sneaky cyberthreat that can empty out a person’s bank accounts to fill the illicit coffers of cybercriminals. The ATS framework uses the harvested credentials to initiate unauthorized money transfers to accounts held by the attacker.

Banking 144

Banking Passwords Accountability Malware 144

The Hacker News

FEBRUARY 16, 2023

million weekly downloads has been found vulnerable to an account takeover attack. A popular npm package with more than 3.5 The package can be taken over by recovering an expired domain name for one of its maintainers and resetting the password," software supply chain security company Illustria said in a report.

Passwords 91

Passwords Accountability Software 91

Bleeping Computer

MARCH 22, 2023

A trojanized version of the legitimate ChatGPT extension for Chrome is gaining popularity on the Chrome Web Store, accumulating over 9,000 downloads while stealing Facebook accounts. [.]

Accountability 115

Accountability 115

The Hacker News

NOVEMBER 7, 2021

In what's yet another instance of supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code by gaining unauthorized access to the respective developer's accounts.

Accountability 129

Accountability Software 129

Security Affairs

AUGUST 1, 2023

Researchers spotted a Python variant of the NodeStealer that was designed to take over Facebook business accounts and cryptocurrency wallets. The malicious code was designed to take over Facebook business accounts and steal funds from cryptocurrency wallets. ” reads the analysis published by Palo Alto Networks.

Accountability 93

Accountability Cryptocurrency Malware Phishing 93

Hot for Security

JANUARY 29, 2021

The company believes the incident occurred on January 4, 2021, after threat actors managed to trick employees into accessing and downloading malicious software on some retail-store computers. “A few employees in retail stores were successfully scammed by unauthorized individuals and downloaded software onto a store computer.”

Data breaches 133

Data breaches Wireless Retail Malware 133

Security Boulevard

JANUARY 5, 2023

On December 29, 2022, Slack was alerted to suspicious activity on their GitHub account. The threat actor had also downloaded private code repositories on December 27, but neither Slack’s primary [.]. The post Slack GitHub Account Hacked via Stolen Employee API Token appeared first on Wallarm.

Accountability 98

Accountability Hacking Data breaches 98

Security Affairs

APRIL 15, 2023

The apps totaled more than 100 million downloads in the ONE store and Google Play stores in South Korea. Below is the list of the apps using the malicious library that had the highest number of downloads: Package Name Application Name GooglePlay Downloads   GP Status com.lottemembers.android L.POINT with L.PAY 10M+ Updated* com.Monthly23.SwipeBrickBreaker

Data collection 97

Data collection Mobile Malware Education 97

Security Affairs

SEPTEMBER 25, 2022

For users with TOTP-based two-factor authentication (2FA) enabled, the phishing site also relays any TOTP codes to the threat actor and GitHub in real time, allowing the threat actor to break into accounts protected by TOTP-based 2FA. Accounts protected by hardware security keys are not vulnerable to this attack.” com circle-cl[.]com

Accountability 108

Accountability Phishing Authentication Passwords 108

Bleeping Computer

NOVEMBER 28, 2022

fake Android SMS application, with 100,000 downloads on the Google Play store, has been discovered to secretly act as an SMS relay for an account creation service for sites like Microsoft, Google, Instagram, Telegram, and Facebook [.].

Accountability 95

Accountability Mobile 95

Security Affairs

MARCH 22, 2023

A tainted version of the legitimate ChatGPT extension for Chrome, designed to steal Facebook accounts, has thousands of downloads. Guardio ’s security team uncovered a new variant of a malicious Chat-GPT Chrome Extension that was already downloaded by thousands a day. Left: The “FakeGPT” Variant on Chrome Store.

Accountability 92

Accountability Encryption Hacking Cybercrime 92

CyberSecurity Insiders

NOVEMBER 26, 2021

Google, the business subsidiary of tech giant Alphabet Inc, has released a report saying that the compromised cloud accounts were leading hackers to mine cryptocurrency that could prove as a double threat to customers. And then use a 2FA to add an extra layer of security protection to safeguard an online account.

Cryptocurrency 131

Cryptocurrency Accountability Passwords Software 131

Krebs on Security

MAY 18, 2019

com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users.

Accountability 221

Accountability Hacking Backups Passwords 221

Security Affairs

OCTOBER 23, 2021

CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. The popular library has million of weekly downloads. According to the maintainer of the library,Faisal Salman, a threat actor has hijacked his NPM account to publish the infected packages.

Malware 139

Malware Cryptocurrency Accountability Software 139

Dark Reading

MARCH 24, 2022

Of the top 10 Trojans targeting Android devices, downloaders and infostealers accounted for 87% of detections in February, Bitdefender says.

Malware 65

Malware Accountability 65

Security Affairs

OCTOBER 20, 2021

The malware landing page is disguised as a software download URL that was sent via email or a PDF on Google Drive, or via Google documents containing the phishing links. The researchers identified around 15,000 actor accounts, most of which were created for this campaign. ” reads the analysis published by Google TAG.

Accountability 130

Accountability Malware Phishing Social Engineering 130

Malwarebytes

OCTOBER 20, 2021

If you no longer want to keep your Snapchat account, you can choose to delete it. How to deactivate your Snapchat account. Currently, there’s no direct way to disable your account temporarily. After you delete your Snapchat, the platform gives you 30 days to change your mind before deleting your account permanently.

Accountability 93

Accountability Media Passwords Mobile 93

Security Affairs

APRIL 17, 2022

GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations. Threat actors abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm.

Hacking 108

Hacking Accountability Cybersecurity Authentication 108

CSO Magazine

MARCH 7, 2023

Over the past year, a group of attackers has targeted Facebook business account owners by spreading information stealing malware through malicious Google ads or fake Facebook profiles. to lure victims into downloading a malicious file. To read this article in full, please click here

Accountability 95

Accountability Manufacturing Government Malware 95

Malwarebytes

MARCH 26, 2023

There’s some bad things lurking in search engine results waiting to compromise your Facebook account. This site eventually directs you to a Chrome extension download from the official extension store. However, the real aim of the game here is to compromise Facebook accounts. The scam is based around Chat GPT-4.

Accountability 98

Accountability Scams Encryption Authentication 98

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. Ahead of the U.S. The phishing attacks began in February 2023, the IT giant reported. LNK) files. .

Accountability 94

Accountability Phishing Financial Services Surveillance 94

Security Affairs

MARCH 30, 2021

Palo Alto Network researcher Aviv Sasson discovered 30 malicious Docker images, which were downloaded 20 million times, that were involved in cryptojacking operations. The expert determined the number of cryptocurrencies that were mined to a mining pool account by inspecting the mining pool. library and community for container images.

Cryptocurrency 101

Cryptocurrency Accountability Architecture Software 101

CSO Magazine

MAY 17, 2023

Researchers from security firm Proofpoint investigated how attackers could abuse access to a Teams account and found some interesting attack vectors that could allow hackers to move laterally by launching further phishing attacks or getting users to download malicious files.

Accountability 105

Accountability Phishing Risk 105

Krebs on Security

JANUARY 25, 2024

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. And by most accounts, the threat from bad ads leading to backdoored software has subsided significantly compared to a year ago.

Software 245

Software Advertising Malware Accountability 245

Malwarebytes

JANUARY 25, 2023

The recent WhatsApp accounts takeover is simple and genius. A "hacker" tries to login to your account via WhatsApp. A user who is not available to respond to verification checks—whether they're asleep, in-flight, or have simply set their smartphone to "do not disturb"—may be at risk of losing their WhatsApp account.

Accountability 98

Accountability Mobile Risk Authentication 98

Malwarebytes

DECEMBER 9, 2022

Epic have made some alterations to how accounts for kids work , with multiple features disabled for what are now known as “ Cabined Accounts ” If your children are big fans of Epic games like Fortnite and Rocket League, you may well have worried about their gaming interactions with other players at some point.

Accountability 70

Accountability Social Engineering Marketing Media 70

Malwarebytes

JULY 11, 2023

Like all social media platforms, Facebook constantly has to deal with fake accounts, scams and malware. In the past few weeks, there's been a resurgence in sponsored posts and accounts that impersonate Meta/Facebook's own Ads Manager. In early June, we identified fraudulent accounts running the same scam using similar lures.

Accountability 81

Accountability Scams Malware Advertising 81

The Hacker News

NOVEMBER 30, 2022

A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp.

Accountability 88

Accountability Hacking Advertising 88

Malwarebytes

SEPTEMBER 13, 2023

They can do this becasue alongside the password vaults that were stolen, criminals also made off with customers' email addresses, as well as " basic customer account information", company names, end-user names, billing addresses, telephone numbers, and IP addresses. Keep threats off your devices by downloading Malwarebytes today.

Phishing 138

Phishing Accountability Passwords Password Management 138

Malwarebytes

DECEMBER 1, 2021

Security researchers have discovered banking Trojan apps on the Google Play Store, and say they have been downloaded by more than 300,000 Android users. As you may know, banking Trojans are kitted for stealing banking data like your username and password, and two-factor authentication (2FA) codes that you use to login to your bank account.

Malware 118

Malware Banking Authentication Cryptocurrency 118

Security Affairs

JULY 24, 2022

million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The bug exists due to the proccess of authorization used in the Android Client of Twitter, specifically in the procces of checking the duplication of a Twitter account.” Threat actor leaked data of 5.4

Accountability 134

Accountability Advertising Authentication Hacking 134

Hacker Combat

OCTOBER 25, 2021

Google has reported that it disrupted the phishing attacks where threat actors had tried to hijack various YouTube accounts using cookie theft malware. The hijacker’s intent was to use those accounts to promote different crypto-currency scams. . Such accounts have a buying price ranging from $3 to $4,000. . and email.cz.

Accountability 99

Accountability Malware Scams Antivirus 99

Malwarebytes

JUNE 11, 2021

For those who wish to take a break from Facebook either temporarily or permanently, instructions for deleting or deactivating your account are below. Deleting your Facebook account. How to delete your Facebook account from a browser. Follow this link to the page that allows you to end your account permanently.

Accountability 114

Accountability Passwords Media Social Engineering 114

Malwarebytes

MAY 30, 2022

The phishing emails tell recipients that their account has been put on hold, and try to trick users into “validating their account” to release it again. The email explains to the receiver that their account is temporarily on hold, and what they need to do to remediate that situation. Delete any downloaded files immediately.

Phishing 133

Phishing Accountability Small Business Malware 133

Malwarebytes

JANUARY 25, 2023

The latest target happens to be popular language platform DuoLingo , who is currently digging into a forum post concerning data related to its customer accounts. million DuoLingo account entries that were scraped from an exposed API. Keep threats off your devices by downloading Malwarebytes today. Stay safe out there!

Accountability 89

Accountability Scams Phishing Risk 89

Malwarebytes

NOVEMBER 1, 2022

LinkedIn knows it has a problem with bots and fake accounts, and has acknowledged this on more than one occasion. In 2018, LinkedIn rolled out a way to automatically detect fake accounts. Accounts with positive detections will be removed before they can be used to reach out to members. What's new?

Accountability 89

Accountability Cryptocurrency Education Technology 89