Summary: Researchers have identified a sophisticated phishing campaign utilizing the “Cheana Stealer” malware, targeting users across multiple operating systems through a fake VPN site. The campaign demonstrates a strategic approach to exploit user trust and system vulnerabilities to exfiltrate sens…
Summary: Researchers have identified a new information stealer named Cthulhu Stealer, targeting macOS systems and designed to harvest sensitive information. This malware, available as a malware-as-a-service, mimics legitimate software to deceive users into providing their credentials. Threat Actor:…
Summary: Researchers have identified a new macOS malware strain named TodoSwift, which shares characteristics with known North Korean malware linked to the BlueNoroff group. This malware, distributed as a signed application, is designed to exfiltrate data and execute commands on infected devices. Th…
The article analyzes the macOS malware landscape focusing on a new malware-as-a-service called “Cthulhu Stealer,” a GoLang-infostealer targeting Mac users by disguising as legitimate software and stealing credentials and cryptocurrency wallet data. It covers d…
A phishing campaign impersonating a VPN provider targets Windows, Linux, and macOS users with platform-specific stealer binaries designed to harvest crypto wallet data, passwords, and SSH keys. The operation is tied to a Telegram channel with 54k+ subscribers …
Summary: Google has released an emergency security update for Chrome to address a high-severity zero-day vulnerability (CVE-2024-7971) that is being actively exploited in the wild. This vulnerability, stemming from a type confusion issue in the V8 JavaScript engine, could allow attackers to execute…
Summary: A critical security vulnerability, CVE-2024-7272, has been discovered in FFmpeg, affecting versions up to 5.1.5, which could allow remote attackers to exploit a heap-based buffer overflow for arbitrary code execution or denial of service. The FFmpeg development team urges users to upgrade i…
TodoSwift is a macOS malware dropper linked to North Korea’s BlueNoroff, disguising itself as a legitimate PDF downloader to fetch and execute a malicious stage-2 binary. The analysis details its use of Google Drive links, NSTask-based curl commands, and a sig…
BANSHEE Stealer is a macOS infostealer discovered in August 2024, reportedly developed by Russian threat actors, targeting system information, browser data, and cryptocurrency wallets. Priced at $3,000 per month, it highlights the growing trend of malware aimi…
Summary: International authorities have successfully seized the servers of the Dispossessor ransomware group, marking a significant step in the fight against ransomware attacks. This operation highlights the importance of global cooperation in combating cybercrime, especially in light of emerging th…
Threat analysts are tracking a campaign that distributes a counterfeit AnyDesk remote access tool via fake websites and social engineering to steal data and funds from Windows and macOS users. The operation targets UK banks and other brands, with malicious dom…
Summary: Two vulnerabilities in the macOS version of the 1Password password manager (CVE-2024-42219 and CVE-2024-42218) could allow malware to steal sensitive information, including the account unlock key. AgileBits has confirmed the vulnerabilities have been patched in recent software updates, with…
Summary: Microsoft researchers revealed multiple medium-severity vulnerabilities in OpenVPN during the Black Hat USA 2024 conference, which could be exploited to achieve remote code execution (RCE) and local privilege escalation (LPE). These vulnerabilities affect all versions of OpenVPN prior to 2….
Summary: A report by Picus Security reveals that 40% of tested environments allow attackers to gain domain admin access, highlighting significant gaps in threat exposure management that can lead to major cyber incidents. The analysis indicates that while organizations prevent a majority of attacks,…
Summary: Evasive Panda, a cyber espionage group, compromised an Internet Service Provider (ISP) in mid-2023 to deliver malicious software updates, showcasing an escalation in their tactics. Known for using various backdoors and malware strains, the group has targeted sensitive entities, particularly…