Krebs on Security

SEPTEMBER 19, 2024

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

Phishing 327

Phishing Scams Malware Passwords 327

Malwarebytes

FEBRUARY 11, 2025

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. These Android phishing apps may sound high-tech, but they are not.

Phishing 129

Phishing Passwords Mobile Authentication 129

Security Affairs

MAY 28, 2025

Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (bitdefender-download[.]com) The malware includes tools for password theft and stealthy access.”

Antivirus 120

Antivirus Malware Banking Passwords 120

SecureList

DECEMBER 17, 2024

The attackers would then send what appeared to be the photo itself but was actually a malware installer. In reality, this was malware with no parcel-tracking functionality whatsoever. The link directed users to a phishing site offering to download Mamont for Android ( 12936056e8895e6a662731c798b27333 ).

Scams 96

Scams Malware Social Engineering Banking 96

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users’ trust. What Are ClickFix Campaigns?

Scams 123

Scams Malware Phishing Social Engineering 123

SecureList

MARCH 3, 2025

million attacks involving malware, adware or unwanted mobile software were prevented. million malware, adware or unwanted software attacks targeting mobile devices. Some time later, the user received a phishing link to download malware disguised as a shipment tracking app. A total of 1.1

Mobile 116

Mobile Malware Adware Banking 116

Security Affairs

NOVEMBER 7, 2024

SentinelLabs observed North Korea-linked threat actor BlueNoroff targeting businesses in the crypto industry with a new multi-stage malware. SentinelLabs researchers identified a North Korea-linked threat actor targeting crypto businesses with new macOS malware as part of a campaign tracked as “Hidden Risk.”

Malware 124

Malware Architecture Risk Cryptocurrency 124

Security Affairs

APRIL 21, 2025

Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. ” About a year after its last WINELOADER campaign, the Russia-linked threat actor launched new phishing attacks posing as the European Ministry of Foreign Affairs, inviting targets to fake wine tasting events. .”

Malware 107

Malware Phishing Encryption Hacking 107

The Hacker News

MAY 12, 2025

Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile.

Artificial Intelligence 124

Artificial Intelligence Malware Advertising Media 124

eSecurity Planet

MAY 11, 2025

Technical support consultant using programming to upgrade artificial intelligence simulation model As AI tools boom in popularity, cyberthieves are exploiting the excitement with fake AI video editing platforms that lure users into downloading malware. The Noodlophile Stealer is a new malware strain.

Malware 102

Malware Scams Media Artificial Intelligence 102

Krebs on Security

FEBRUARY 28, 2024

But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems. It didn’t dawn on Doug until days later that the missed meeting with Mr. Lee might have been a malware attack. ” Image: SlowMist.

Malware 334

Malware Cryptocurrency Software Phishing 334

Schneier on Security

FEBRUARY 7, 2023

Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader.

Malware 286

Malware Phishing Cybercrime 286

Krebs on Security

MAY 22, 2019

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware. Please download and read the attached encrypted document carefully.

Phishing 280

Phishing Antivirus Scams Malware 280

eSecurity Planet

MARCH 14, 2025

A recent phishing campaign has raised alarms among cybersecurity professionals after it impersonated Booking.com to deliver a suite of credential-stealing malware. The phishing messages include links or attachments that direct users to fake Booking.com pages.

Phishing 61

Phishing Malware Social Engineering Authentication 61

Schneier on Security

APRIL 6, 2020

Microsoft is reporting that an Emotat malware infection shut down a network by causing computers to overheat and then crash. The malware further spread through the network without raising any red flags by stealing admin account credentials authenticating itself on new systems, later used as stepping stones to compromise other devices.

Malware 252

Malware Phishing Authentication Internet 252

Security Affairs

NOVEMBER 11, 2024

Fortinet researchers discovered a new phishing campaign spreading a variant of the commercial malware Remcos RAT. Fortinet’s FortiGuard Labs recently uncovered a phishing campaign spreading a new variant of the Remcos RAT. Once the CVE-2017-0199 is exploited, it downloads an HTA file and executes it on the recipient’s device.

Phishing 130

Phishing Malware Banking Encryption 130

Security Affairs

JANUARY 10, 2025

CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. ” The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website.”

Phishing 113

Phishing Scams Malware Authentication 113

Schneier on Security

MAY 5, 2020

Interesting story of malware hidden in Google Apps. That's when Russian security firm Dr. Web found a sample of spyware in Google's app store that impersonated a downloader of graphic design software but in fact had the capability to steal contacts, call logs, and text messages from Android phones.

Malware 262

Malware Spyware Phishing Government 262

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing 299

Phishing Cybercrime Malware Advertising 299

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing 81

Phishing Mobile Social Engineering Data breaches 81

Security Affairs

OCTOBER 17, 2024

The threat actors also employed two new downloaders, called RustClaw and MeltingClaw, plus two backdoors, DustyHammock (Rust-based) and C++-based ShadyHammock. Polish entities were likely targeted as well, based on malware language checks. ” reads the report published by Talos.

Government 122

Government Malware Cyber Attacks Ransomware 122

Security Affairs

JANUARY 5, 2025

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. The backdoor is distributed through: Phishing emails with themes such as code of conduct to trick users into downloading the malware. sys driver.

Malware 131

Malware Encryption Phishing Hacking 131

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing 242

Phishing Passwords Hacking Internet 242

Malwarebytes

APRIL 30, 2025

Your document is now ready for download: Please download the attachment and follow the provided instructions. There are several circumstances that make this campaign hard to detect: The cybercriminals send phishing emails from compromised WordPress sites, so the domains themselves appear legitimate and not malicious.

Computers and Electronics 144

Computers and Electronics Identity Theft Phishing Banking 144

Security Affairs

MAY 5, 2025

MintsLoader is a malware loader delivering the GhostWeaver RAT via a multi-stage chain using obfuscated JavaScript and PowerShell. The malware supports sandbox and virtual machine evasion techniques, a domain generation algorithm (DGA), and HTTP-based command-and-control (C2) communications.

Malware 127

Malware Phishing Threat Reports Encryption 127

Malwarebytes

APRIL 3, 2025

Recently weve been seeing quite a few phishing campaigns using QR codes in email attachments. The lure and the targets are varied, but the use of a QR code to get someone to visit the phishing site is fast becoming a preferred method for cybercriminals. DocuSign , Adobe), which increases the perceived legitimacy of the phish.

Phishing 139

Phishing Banking Mobile Accountability 139

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? Figure 12: The actual phishing page that follows Finally, all the data is combined with the username and password and sent to the remote server via a POST request.

Advertising 133

Advertising Accountability Phishing Scams 133

SecureList

OCTOBER 21, 2024

Kral In mid-2023, we discovered the Kral downloader which, back then, downloaded the notorious Aurora stealer. This changed in February this year when we discovered a new Kral stealer, which we believe is part of the same malware family as the downloader due to certain code similarities. That file is the Kral downloader.

Passwords 127

Passwords Malware Encryption Cryptocurrency 127

Security Affairs

NOVEMBER 15, 2024

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.

Encryption 117

Encryption Password Management Cryptocurrency Social Engineering 117

The Hacker News

OCTOBER 22, 2024

Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns. Tracked under the names BlackWidow, IceNova, Lotus,

Phishing 129

Phishing Malware 129

SecureList

OCTOBER 15, 2024

SideWinder’s most recent campaign schema Infection vectors The SideWinder attack chain typically starts with a spear-phishing email with an attachment, usually a Microsoft OOXML document (DOCX or XLSX) or a ZIP archive, which in turn contains a malicious LNK file. If the CPU is not from Intel or AMD, it terminates execution.

Malware 143

Malware Encryption Architecture Phishing 143

SecureList

DECEMBER 23, 2024

Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor ( CVE-2018-0802 ) to download and execute malware code. It contains a formula editor exploit that downloads and runs an HTML Application (HTA) file hosted on the same C2 server.

Encryption 135

Encryption Penetration Testing Malware Phishing 135

Penetration Testing

APRIL 6, 2025

Netskope Threat Labs has uncovered a new malicious campaign that employs deceptive tactics to distribute the LegionLoader malware. This campaign leverages fake CAPTCHAs and CloudFlare Turnstile to trick victims into downloading malware, which ultimately leads to the installation of a malicious browser extension.

Malware 99

Malware Phishing Cybersecurity 99

Security Affairs

FEBRUARY 12, 2025

The threat actor impersonates a South Korean government official to build trust with the target before sending a spear-phishing email with a bait PDF attachment. Upon running the code as an administrator, it downloads and installs a browser-based remote desktop tool and downloads a certificate file with a hardcoded PIN from a remote server.

Phishing 90

Phishing Malware Security Intelligence Hacking 90

Security Affairs

MARCH 28, 2025

Grandoreiro Banking Trojan resurfaces, targeting users in Latin America and Europe in new phishing campaigns. Forcepoint X-Labs researchers warn of new phishing campaigns targeting Latin America and Europe in new phishing campaigns. Clicking the “Download PDF” button leads to a zip payload from MediaFire.

Banking 89

Banking Phishing Malware Passwords 89

Security Affairs

MARCH 31, 2025

Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Armageddon , Primitive Bear , ACTINIUM , Callisto ) targets Ukraine with a phishing campaign. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a.

Phishing 113

Phishing Antivirus Encryption Hacking 113

eSecurity Planet

JUNE 17, 2025

Cybersecurity experts are now warning that clicking the familiar “unsubscribe” button at the bottom of unwanted emails could lead to phishing scams or malware attacks. At the mildest, clicking the link tells hackers that your email is active, which can lead to more spam or targeted phishing attempts later.

Phishing 103

Phishing Scams Passwords Malware 103