Researchers analyzed a sophisticated fake Microsoft account login phishing page used to harvest credentials. The page mirrors Microsoft's login and uses encryption, anti-snooping measures, and script obfuscation to evade detection. #MicrosoftAccount #FakeMS #C…
Category: Threat Research
Juniper Threat Labs uncovered a custom Python backdoor implanted on a VMware ESXi host, persisting by editing startup and proxy configuration and exposing a local webserver that can run commands or establish a reverse shell. The attackers also wired a reverse …
Team Cymru tracks ongoing Iranian-linked activity by the PHOSPHORUS group, with a focus on a long-running C2 server at 107.173.231.114 and related infrastructure. The activity includes exploiting unpatched Exchange servers (Log4J and ProxyShell) and using IP-…
Trend Micro intercepted a Linux cryptomining campaign that now incorporates the CHAOS Remote Administrative Tool (CHAOSRAT) to enhance control over infected hosts. The operation persists via cron-based mechanisms, downloads XMRig and the RAT from distributed s…
MuddyWater (aka Static Kitten, Mercury) is an Iran MOIS-linked cyber espionage group that has expanded its targeting with campaigns using spearphishing and legitimate remote administration tools. The latest campaign uses HTML attachments and hosted archives to…
Threat actors are exploiting FIFA World Cup buzz to run a range of scams, including crypto phishing with fake NFT drops, fake FIFA-themed domains, WhatsApp-led scams, and broad malware campaigns. Cyble Research & Intelligence Labs (CRIL) documents multiple lur…
Redline Stealer is a popular credential stealer distributed via fake software and advertising channels, featuring obfuscation, loader capabilities, and C2 over a non-standard channel. The threat actor uses an AutoIt wrapper, a configurable loader, and a robust…
Since August 2022, Truebot (Silence.Downloader) infections have surged, with two botnets observed: a globally distributed one (notably targeting Mexico, Brazil, and Pakistan) and a newer US-focused botnet impacting Windows servers and several education-sector …
Cloud compute credential attacks target misconfigured cloud compute services to steal credentials and access cloud infrastructure, causing costly resource usage and remediation work. The article presents two real-world cases: one in AWS Lambda and one in Googl…
Authored by SangRyol Ryu and Yukihiro Okutomi. McAfee's Mobile Research team recently analyzed new malware targeting mobile payment users in…
The post Fake Security App Found Abuses Japanese Payment System appeared first on McAfee Blog.
ThreatFabric researchers describe a multi-platform campaign that binds malicious payloads to legitimate apps via a darknet service called Zombinder, delivering the Android banking trojan Ermac alongside Windows desktop malware (Erbium, Aurora, Laplas, and Xenomorp…
eSentire's Threat Response Unit analyzed GootLoader's latest infection technique against a pharmaceutical company, revealing a compromised WordPress site delivering a large, obfuscated JavaScript payload and a new persistence method. The malware uses scheduled…
Insikt Group profiles TAG-53 infrastructure that overlaps with Callisto Group, COLDRIVER, and SEABORGIUM, detailing patterns in domain naming, TLS certificates from Let's Encrypt, hosting clusters, and a small set of autonomous systems, suggesting long-running…
Deathstalker has deployed a new Janicab variant targeting legal entities in the Middle East and Europe, leveraging YouTube-based dead-drop resolvers (DDRs) and a multi-stage VBScript loader to deliver Janicab. The operation shows expanded targets (including tr…
The Cuba ransomware group Tropical Scorpius is analyzed in relation to its Cuba variant, including attack simulations added to the Picus Threat Library. The report maps out a wide set of TTPs from initial access to impact, and notes connections to the Industrial S…