Security Boulevard

MAY 19, 2022

Attackers are using search engine optimization (SEO) techniques to improve the ranking of malicious PDF files on search engines including Google and Microsoft’s Bing, according to a Netskope report. The post Surge in Malware Downloads Driven by SEO-Based Techniques appeared first on Security Boulevard.

Social Engineering 139

Social Engineering Malware Engineering Cybersecurity 139

Security Affairs

MAY 17, 2025

“Contact information acquired through social engineering schemes could also be used to impersonate contacts to elicit information or funds.” Avoid clicking links or downloading files from unverified sources. ” reads the alert issued by the FBI. Dont send money or crypto without confirming requests.

Government 123

Government Social Engineering Authentication Accountability 123

Schneier on Security

MAY 30, 2025

The idea is that people—you, me, everyone—should just pause for nine seconds and think more about the link they are planning to click on, the file they are planning to download, or whatever it is they are planning to share. Even if we do this all well and correctly, we can’t make people immune to social engineering.

Cybersecurity 212

Cybersecurity Scams Security Awareness Phishing 212

Malwarebytes

DECEMBER 19, 2024

Social engineering is a core part of these schemes and the tricks we see are sometimes very clever. Such search queries have been a hot spot for criminals who want to lure victims that are looking to download programs onto their computer. Once the code runs, it will download a file from a remote domain ( topsportracing[.]com

Social Engineering 100

Social Engineering Engineering Malware Antivirus 100

Security Affairs

APRIL 17, 2025

In this attack phase, a PowerShell script downloads an archive from the command-and-control server containing the Node.js In a documented instance, attackers used a ClickFix social engineering tactic to trick users into running a PowerShell command that downloads and installs Node.js to deploy malicious payloads.

Social Engineering 116

Social Engineering Malware Cryptocurrency Engineering 116

SecureWorld News

FEBRUARY 15, 2024

The hackers rely heavily on social engineering tactics to distribute the malware. Android users were directed to fake app store pages to download infected apps. The malware has been active since 2023, specifically targeting victims in Vietnam and Thailand.

Social Engineering 104

Social Engineering Mobile Authentication Engineering 104

Security Affairs

MARCH 24, 2025

Initially, the group published screenshots of stolen data as proof of the attack, now the whole archive can be downloaded from the leak page. The group said that the waiting period had expired and claimed the theft of 134GB of sensitive data. ” reads a report published by Halcyon.

Ransomware 104

Ransomware Hacking Social Engineering VPN 104

The Last Watchdog

JANUARY 30, 2025

Using a very clever social engineering attack that exploits trusted domains, the adversary can then further escalate the profile hijacking attack to steal passwords from the victims browser. Browser takeover To achieve a full browser takeover, the attacker essentially needs to convert the victims Chrome browser into a managed browser.

Social Engineering 130

Social Engineering Engineering Authentication Media 130

Security Affairs

OCTOBER 29, 2024

The threat actors use the Civil Defense website to distribute multiple software programs that, once installed, download different malware families. The site provides a downloader called Pronsis Loader to Windows users, this malware starts an attack chain, ultimately installing SUNSPINNER and the PURESTEALER information stealer.

Malware 120

Malware Social Engineering Software Mobile 120

Schneier on Security

DECEMBER 20, 2022

The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system: Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers.

Social Engineering 240

Social Engineering Engineering Software Government 240

Security Affairs

NOVEMBER 15, 2024

Threat actors relies on social engineering tactics like ClickFix and FakeCaptcha to trick users into executing malicious scripts via PowerShell or Run prompts. To extract cookies from Chromium-based browsers, it downloads a module from the C&C to bypass App-Bound encryption. ” reads the report published by Gen Digital.

Encryption 117

Encryption Password Management Cryptocurrency Social Engineering 117

Tech Republic Security

MAY 13, 2025

By downloading what they believe is an AI-generated video, victims have installed malware that can steal their data or offer attackers remote access to infected devices.

Malware 129

Malware Artificial Intelligence Social Engineering Engineering 129

Malwarebytes

JANUARY 13, 2025

A smishing (SMS phishing) campaign is targeting iMessage users, attempting to socially engineer them into bypassing Apple’s built in phishing protection. Keep threats off your devices by downloading Malwarebytes today. And, now, the campign is gaining traction, according to our friends at BleepingComputer.

Phishing 129

Phishing Social Engineering Scams Mobile 129

Malwarebytes

MARCH 10, 2025

I realize that may sound like something trivial to steer clear from, but apparently its not because the social engineering behind it is pretty sophisticated. What the files are in reality is an encoded Powershell command which will run invisibly and download the actual payload.

Social Engineering 136

Social Engineering Media Scams Malware 136

eSecurity Planet

OCTOBER 22, 2024

Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues. The hallmark of ClickFix campaigns is their clever use of social engineering. Types of Malware Delivered The ClickFix campaigns are not just a nuisance; they can lead to severe security breaches.

Scams 123

Scams Malware Phishing Social Engineering 123

Krebs on Security

FEBRUARY 17, 2021

In reality, prosecutors say, the programs were malware or downloaded malware after the applications were installed. “In addition to infecting victims through legitimate-looking websites, HIDDEN COBRA actors also use phishing, social networking, and social engineering techniques to lure users into downloading the malware.”

Cryptocurrency 343

Cryptocurrency Financial Services Banking Government 343

Malwarebytes

JANUARY 31, 2025

This is in contrast to typical phishing pages where victims download a so-called installer that contains malware. Overview Web traffic view Delivery #1: PowerShell code via “ClickFix” Malicious ad and social engineering Threat actors created a Google ad for the popular utility application Notion. com/in.php?action=1

Social Engineering 84

Social Engineering Engineering Malware Phishing 84

Security Affairs

MARCH 10, 2025

Using this social engineering trick, threats like stealers, RATs, Trojans, and crypto miners can persist undetected. com to distribute an infected archive, which had over 40,000 downloads. Common malware families include NJRat , XWorm, Phemedrone , and DCRat. Attackers used the malicious site gitrok[.]com

Cryptocurrency 92

Cryptocurrency Malware Social Engineering Antivirus 92

Security Boulevard

APRIL 3, 2025

is the shady entity behind a clutch of free VPN appswith over a million downloads. Bad Apple: Chinese firm banned by the U.S. The post App Stores OKed VPNs Run by China PLA appeared first on Security Boulevard.

VPN 123

VPN Social Engineering Data privacy Security Awareness 123

SecureWorld News

DECEMBER 17, 2024

This operation, which blends social engineering and technical exploitation, has resulted in the theft of more than 390,000 WordPress credentials. By downloading and running this code, victims essentially infected themselves." Simultaneously, a phishing campaign tricked targets into installing a fake kernel update.

Phishing 109

Phishing Threat Detection Social Engineering Cybercrime 109

The Hacker News

DECEMBER 2, 2024

Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs.

Social Engineering 133

Social Engineering Malware Mobile Engineering 133

Security Affairs

JANUARY 22, 2025

It extracts Python backdoors from ZIP files downloaded via remote SharePoint links and employs techniques associated with the FIN7 threat actor. Once access was established, the attacker used a web browser to download a malicious payload, which was split into parts, reassembled, and unpacked to deploy malware.

Ransomware 98

Ransomware Malware Social Engineering Engineering 98

The Hacker News

APRIL 26, 2024

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors.

Software 138

Software Social Engineering Malware Engineering 138

Hacker's King

DECEMBER 26, 2024

Steps to Enable Biometric App Locks: Download a secure app locker that integrates with your phones biometric features. Educate Yourself on Social Engineering Tactics Hacking isnt always about code; social engineeringmanipulating users into sharing sensitive informationis one of the most effective tools for cybercriminals.

Accountability 52

Accountability Hacking Social Engineering Passwords 52

Krebs on Security

APRIL 20, 2023

In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed. Microsoft Corp.

Malware 329

Malware Software Technology Accountability 329

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals disguise messages as urgent notifications from banks, government agencies, or corporate IT teams, tricking users into providing credentials or downloading malware. Mishing is a phishing attack that uses SMS messages instead of emails to deceive victims into revealing sensitive information or clicking malicious links.

Phishing 87

Phishing Mobile Social Engineering Data breaches 87

eSecurity Planet

OCTOBER 3, 2022

PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording software installer have been backdoored to perform a wide range of social engineering campaigns that started in April 2022. The victims were tricked into downloading utilities to complete fake job assessments. Putty) and networking tools.

Software 128

Software Social Engineering Engineering Phishing 128

Security Affairs

APRIL 15, 2024

Then they used the access to download a set of MFA SMS message logs belonging to customers’ Duo accounts. “More specifically, the threat actor downloaded message logs for SMS messages that were sent to certain users under your Duo account between March 1, 2024 and March 31, 2024. ” continues the notification.

Data breaches 141

Data breaches Social Engineering Engineering Authentication 141

SecureList

MARCH 25, 2025

The attackers employed social engineering techniques to trick victims into sharing their financial data or making a payment on a fake page. Distribution of financial phishing pages by category, 2024 ( download ) Online shopping scams The most popular online brand target for fraudsters was Amazon (33.19%). on the previous year.

Phishing 81

Phishing Banking Scams Mobile 81

Krebs on Security

MAY 14, 2024

“CVE-2024-30051 is used to gain initial access into a target environment and requires the use of social engineering tactics via email, social media or instant messaging to convince a target to open a specially crafted document file,” Narang said.

Social Engineering 293

Social Engineering Backups Malware Software 293

Security Boulevard

JANUARY 20, 2025

Successful exploitation requires social engineering users into manipulating a specially crafted file. These video guides function as the initial lure; they then share links to fake downloaders for the cracked software, which actually drop information stealers onto the device. These probably don't affect most users reading this.

Surveillance 97

Surveillance Malware Data breaches Phishing 97

Malwarebytes

APRIL 19, 2022

Victims are lured into downloading the malware with a variety of social engineering tactics, including spearphishing. TraderTraitor describes a series of malicious Electron applications that can download and execute malicious payloads, such as remote access trojans ( RAT ). Spearphishing campaigns. Mitigation.

Cryptocurrency 135

Cryptocurrency Social Engineering Computers and Electronics Engineering 135

Krebs on Security

JANUARY 30, 2024

2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. Twilio disclosed in Aug. Sosa also was active in a particularly destructive group of accomplished criminal SIM-swappers known as “ Star Fraud.”

Social Engineering 358

Social Engineering Mobile Passwords Cybercrime 358

Malwarebytes

MARCH 19, 2025

Additional social engineering techniques Phishing emails and messages : Scammers send convincing emails or text messages that appear to be from legitimate government agencies or financial institutions, urging users to click on malicious links or provide personal information. gov domains).

Scams 92

Scams Government Identity Theft Social Engineering 92

SecureList

FEBRUARY 20, 2025

User Execution and Phishing techniques ranked again in the top three threats, with nearly 5% of high-severity incidents involving successful social engineering. To explore these and other trends in detail, download full report (PDF).

Social Engineering 100

Social Engineering Phishing Government Threat Detection 100

Security Affairs

APRIL 8, 2022

The threat actors use sophisticated social engineering techniques to infect Windows and Android devices of the victims with previously undocumented backdoors. The new malware employed by the threat actors are tracked as Barb(ie) Downloader and BarbWire Backdoor. ” reads the analysis published by Cybereason.

Social Engineering 128

Social Engineering Engineering Malware Accountability 128

Malwarebytes

FEBRUARY 4, 2025

With all the details a phisher can find in a resume they can make their social engineering attempts very convincing. And if the job application was recent enough, a phisher could probably trick the victim into downloading malware under the guise of engaging in the hiring process.

Identity Theft 71

Identity Theft Social Engineering Education Banking 71