SecureList

JANUARY 13, 2022

The group seems to work more like a unit within a larger formation of Lazarus attackers, with the ability to tap into its vast resources: be it malware implants, exploits, or infrastructure. Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. Malware infection.

Cryptocurrency 128

Cryptocurrency Malware Accountability Banking 128

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Image: Mandiant.

Malware 278

Malware Software Technology Accountability 278

Approachable Cyber Threats

JULY 7, 2022

The booming market on the Dark Web for passwords and other personal information make it a lucrative business for any cybercriminal - and Raccoon Stealer’s Malware-as-a-Service model makes it even easier for anyone to steal your information to make a profit. Wait, what is Malware-as-a-Service?” For the most part, Raccoon Stealer 2.0

Social Engineering 105

Social Engineering Cryptocurrency Malware Antivirus 105

Malwarebytes

MARCH 1, 2024

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. In reality the link runs a script to install Mac malware on the target’s machine. “AppleScript has been used against Mac users with moderate frequency by malware creators over the years.

Cryptocurrency 99

Cryptocurrency Malware Authentication Banking 99

Hacker Combat

AUGUST 8, 2022

North Korean hackers use phoney Coinbase job offers to target cryptocurrency professionals. The renowned North Korean hacking outfit Lazarus has uncovered a new social engineering scheme in which the hackers pose as Coinbase to lure workers into the fintech sector. Lazarus hackers go after cryptocurrency.

Social Engineering 93

Social Engineering Cryptocurrency Engineering Malware 93

Security Boulevard

MAY 19, 2022

In April 2022, ThreatLabz discovered several newly registered domains, which were created by a threat actor to spoof the official Microsoft Windows 11 OS download portal. These variants of Vidar malware fetch the C2 configuration from attacker-controlled social media channels hosted on Telegram and Mastodon network. google*.*:*utc*.*:*UTC*.*:*crypt*.*:*key*.*;50;true;movies:music:mp3;

Media 64

Media Social Engineering Backups Passwords 64

Security Affairs

MAY 19, 2023

TurkoRat is an information-stealing malware that can obtain a broad range of data from the infected machine, including account login credentials, cryptocurrency wallets, and website cookies. The malware also supports anti-sandbox and analysis functionalities to avoid detection and prevent being analyzed. file ( agent-base ).

Encryption 82

Encryption Social Engineering Malware Cryptocurrency 82

SecureList

MARCH 1, 2021

In their campaigns to infect mobile devices, cybercriminals always resort to social engineering tools, the most common of these passing a malicious application off as another, popular and desirable one. The mobile malware Trojan-Ransom.AndroidOS.Agent.aq Number of attacks on mobile users in 2019 and 2020 ( download ).

Mobile 135

Mobile Malware Adware Banking 135

Malwarebytes

OCTOBER 20, 2022

A phishing campaign known to specifically target employees with access to their company's Facebook Business and Ads accounts has significantly widened its net and begun using a first-of-its-kind information-stealing malware to go after crypto wallets. Social engineering attacks and malware form the core of Ducktail's modus operandi.

Social Engineering 76

Social Engineering Malware Accountability Engineering 76

Security Affairs

JANUARY 23, 2022

“cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use.” ” reads the FBI’s PSA.

Cryptocurrency 99

Cryptocurrency Social Engineering Malware Scams 99

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 89

Spyware Hacking Malware Social Engineering 89

SecureList

NOVEMBER 22, 2022

Unlike common stealers, this malware gathered data that can be used to identify the victims, such as browsing histories, social networking account IDs and Wi-Fi networks. Cryptocurrency targeted attacks. More cryptocurrency-related threats: fake hardware wallets, smart contract attacks, DeFi hacks, and more.

Cryptocurrency 89

Cryptocurrency Mobile Ransomware Banking 89

Security Affairs

JANUARY 18, 2022

According to the security firm, the group is financially motivated, its cyberespionage campaign hit high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organisations in Hong Kong, Covid-19 research organisations, gambling and cryptocurrency companies, and the media.

Cryptocurrency 111

Cryptocurrency Social Engineering Media Phishing 111

Malwarebytes

MARCH 1, 2023

One major advantage for the malware distributors behind the exploit kit is that the outdated browser has reached end-of-life (EOL), which means it no longer receives security updates and patches against known threats. .” It all depends on which cybercriminals pay the RIG EK administrator to install their malware on victim machines.

Internet 93

Internet Internet Social Engineering Malware 93

eSecurity Planet

SEPTEMBER 14, 2022

As a matter of fact, the most-reported crime in the 2021 Internet Crime Report report was phishing , a social engineering scam wherein the victim receives a deceptive message from someone in an attempt to get the victim to reveal personal information or account credentials or to trick them into downloading malware.

Social Engineering 120

Social Engineering Energy and Utilities Phishing Scams 120

SecureList

NOVEMBER 23, 2021

We should expect more fraud, targeting mostly BTC , because this cryptocurrency is the most popular. Currently, at a value of approximately $60,000, cybercriminals have adapted their malware to monitor the operating system’s clipboard and redirect funds to addresses under their control. MageCart attacks moving to the server side.

Cryptocurrency 108

Cryptocurrency Banking Cybercrime Ransomware 108

SecureWorld News

AUGUST 2, 2021

Robinhood is an increasingly popular trading app where you can buy and sell stocks, as well as cryptocurrency. Phishing attempts come via email where scammers use different social engineering tactics to pose as a reputable sender like the IRS, your bank or brokerage firm. Be especially wary of.zip,exe,doc files.

Phishing 89

Phishing Social Engineering Scams Identity Theft 89

Malwarebytes

NOVEMBER 23, 2021

If you download a gift card generator and you are lucky, it will inform you just before you try it that it does not generate valid gift card codes, but only random codes for “educational purposes.” In the worst case scenario, you will end up downloading a piece of malware to your system.

Scams 114

Scams Social Engineering Malware Cryptocurrency 114

Malwarebytes

APRIL 11, 2023

In a recent tweet , the FBI office in Denver warned consumers against using free public charging stations, stating that criminals have managed to hijack public chargers with the objective of infecting devices with malware or other software that can give hackers access to your phone, tablet or computer. Enjoy the free charge!”

Mobile 98

Mobile Banking Malware Spyware 98

SecureList

SEPTEMBER 6, 2022

In this report, we provide the latest statistics on cyberthreats to gamers, as well as detailed information on the most widespread and dangerous types of malware that players must be aware of. Methodology. To make the overview more in-depth, we included both mobile and PC games. Key findings. Top game titles by number of related threats.

Mobile 99

Mobile Passwords Software Accountability 99

SecureList

AUGUST 23, 2021

Last year’s lockdowns gave a boost to the mobile market, with users downloading thirty percent more mobile games per week in Q1 2021 than in Q4 2019 globally, reaching over one billion weekly downloads. We examined malware and unwanted software disguised as popular PC and mobile games. billion in the first half of 2021.

Adware 116

Adware Mobile Phishing Malware 116

SecureWorld News

AUGUST 2, 2022

All a threat actor would have to do is download the app and decompile it to get the API credentials. Scenario 2: Twitter can be used to spearhead malware attacks through verified accounts passed on among legitimate followers. And the collected PII can be used to launch other social engineering attacks or identity theft.

Mobile 84

Mobile Accountability Identity Theft Cryptocurrency 84

CyberSecurity Insiders

NOVEMBER 26, 2021

Ransomware, a piece of code that locks the user out of their machine until a ‘ransom’ (usually a sum of money in cryptocurrency) is paid, looks set to continue to rise in 2022 also. Employees should download app updates for email clients and anti-malware software as soon as they are available. 2) Create strong passwords.

Digital transformation 119

Digital transformation Phishing Social Engineering Passwords 119

Security Affairs

NOVEMBER 19, 2019

The second half of 2018 saw a drop in the number of malicious programs downloaded via browsers reaching its minimum at less than 5%, while in the first half of 2019 only every 19 th download was initiated via means other than email. Another trend was disguising malware in emails. Links account for 29%, while attachments—for 71%.

Ransomware 69

Ransomware Antivirus Malware Banking 69

Security Boulevard

AUGUST 3, 2022

A hacker can simply download the app and decompile it to get the API credentials. Spearheading malware attacks through verified accounts passed on among legitimate followers. Spamming with the aim of, for example, disseminating information related to cryptocurrency or the stock market. Machine identity is essential for security.

Mobile 98

Mobile Authentication Accountability Identity Theft 98

SecureList

FEBRUARY 16, 2023

These sites referenced public figures and humanitarian groups, offering to accept cash in cryptocurrency, something that should have raised a red flag in itself. By getting the user’s secret phrase, cybercriminals could get access to their cryptocurrency balance. Now, attackers have started collecting Bitcoin for charity.

Phishing 93

Phishing Scams Accountability Energy and Utilities 93

Security Affairs

FEBRUARY 2, 2019

“This new feature can be enabled via third-party developers in their apps, or custom built by users downloading the shortcuts app from the app store. Once downloaded and installed, the Shortcuts app grants the power of scripting to perform complex tasks on users’ personal devices.”

Social Engineering 86

Social Engineering Advertising Hacking Data collection 86

eSecurity Planet

FEBRUARY 16, 2021

Malware, short for “malicious software,” is any unwanted software on your computer that, more often than not, is designed to inflict damage. Since the early days of computing, a wide range of malware types with varying functions have emerged. Best Practices to Defend Against Malware. Jump ahead: Adware. RAM scraper.

Malware 105

Malware Adware Spyware Antivirus 105

SecureList

AUGUST 10, 2022

VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies. Malicious DOCX social engineering message. Example of a downloaded image upon macro execution. VileLoader: an evasive multi-stage implant downloader. xml version="1.0"

Cryptocurrency 90

Cryptocurrency Encryption Social Engineering Passwords 90

Security Affairs

JANUARY 27, 2022

Millions of customers of large businesses have been left vulnerable to identity theft, thanks to a security flaw that exposes their personal data to illicit download. However, the App Store doesn’t publicly share download data. Threat actors can abuse PII to conduct phishing and social engineering attacks.

Identity Theft 89

Identity Theft Accountability Data breaches Social Engineering 89

Security Boulevard

JANUARY 26, 2022

QR codes are square barcodes that smartphone cameras can scan to provide quick access to a website, prompt application downloads or direct payment to an intended. The post Cybercriminals Using QR Codes to Steal Financial Info, FBI Warns appeared first on Security Boulevard.

Social Engineering 98

Social Engineering Cryptocurrency Engineering Mobile 98

SecureList

JULY 11, 2022

E-mail scammers typically combine social engineering with technical skills to bypass spam filters and persuade the recipient to reply. The latter are usually downloaded from open sources. Attackers can also create fake profiles in social networks and instant messengers to make the scheme more persuasive. Blackmail scam.

Scams 101

Scams Accountability Banking Phishing 101

Webroot

FEBRUARY 11, 2021

As we mentioned in a previous blog , hackers come in many forms, but their methods can generally be classified into three distinct types of cybercriminals: The Impersonator – Hackers that pretend to be others, often using social engineering and human psychology to trick users.

Scams 108

Scams Phishing Firewall Social Engineering 108

SecureList

JUNE 7, 2023

Mobile statistics Targeted attacks BlueNoroff introduces new methods bypassing MotW At the close of 2022, we reported the recent activities of BlueNoroff , a financially motivated threat actor known for stealing cryptocurrency. However, recently the group has adopted new methods to deliver its malware. You can find the details here.

DNS 101

DNS Malware Cryptocurrency Retail 101

Spinone

NOVEMBER 1, 2019

DLP is included in the organization policy, but individuals must also use this strategy to keep all data safe during ransomware or malware attack. Malware and Ransomware Adware – Software that automatically displays or downloads material when a user is offline. Some companies detect data leaks after months or even years.

Passwords 40

Passwords Social Engineering Malware Encryption 40

Security Affairs

MARCH 27, 2023

A technical analysis of NullMixer malware operation revealed Italy and France are the favorite European countries from the attackers’ perspective. Executive Summary Our insights into a recent NullMixer malware operation revealed Italy and France are the favorite European countries from the opportunistic attackers’ perspective.

Malware 86

Malware Social Engineering Encryption Marketing 86

Security Boulevard

MARCH 31, 2022

RedLine Password Theft Malware. The RedLine password theft malware is a hot topic this month with Microsoft’s employee compromise. RedLine Malware-as-a-Service. The first mention of this malware appears to be in early 2020 , when multiple phishing campaigns cast a wide net over thousands of users, offering RedLine en masse.

Cybersecurity 98

Cybersecurity Social Engineering Passwords Malware 98