Security News

A new RedLine malware distribution campaign promotes fake Binance NFT mystery box bots on YouTube to lure people into infecting themselves with the information-stealing malware from GitHub repositories. Binance mystery boxes are sets of random non-fungible token items that people buy, hoping they'll receive a unique or rare item at a bargain price.

Ukraine's security agency has shut down five bot farms since the start of Russia's invasion of the country almost five weeks ago, slowing down a Russian operation designed to spread disinformation in the war-torn country and to sow panic among its frightened residents. In a statement this week, Ukraine's Security Service said the bot farms were located in Kharkiv - a city near the northern border of Russia that has been the site of some of the fiercest fighting - Cherkasy along the Dnieper River that cuts through the country, and the Ternopil and Zakarpattia regions in the western part of Ukraine.

The Ukrainian Security Service has announced that since the start of the war with Russia, it has discovered and shut down five bot farms with over 100,000 fake social media accounts spreading fake news. The network, which operated in Kharkiv, Cherkasy, Ternopil, and Zakarpattia, aimed to discourage Ukrainian citizens and instill panic by distributing false information about the Russian invasion and the status of the defenders.

Netacea announced the results from a new report showing that most businesses do not fully understand the threat bots pose, leaving those organizations vulnerable to threats. The report surveyed 440 businesses across the travel, entertainment, eCommerce, financial services, and telecoms sectors in the US and the UK. The report found that while most businesses were aware that bots were an issue, many were confused about where attacks originate and what technologies and techniques were effective against bots.

As for its endgame, CPR researchers described the newly discovered and analyzed Electron Bot backdoor as "a modular SEO-poisoning malware" used "For social-media promotion and click fraud." Electron Bot can also promote online products: another way to generate PPC revenue or increase a store's rating for higher sales.

Just since Feb. 1, analysts have watched phishing email attacks impersonating LinkedIn surge 232 percent, attempting to trick job seekers into giving up their credentials. The phishing emails themselves were convincing dupes, built in HTML templates with the LinkedIn logo, colors and icons, the report added.

An IRC bot strain programmed in GoLang is being used to launch distributed denial-of-service attacks targeting users in Korea. "Additionally, the DDoS malware was installed via downloader and UDP RAT was used."

While researching a recent large-scale bot campaign with CQ Prime Threat Research team lead, Dean Lendrum, we found attackers using domain parking and monetization services to register multiple domains, creating a large number of fake eCommerce accounts per domain. Patterns observed include irregular domain names, domain resolving to an untrusted web app, SSL not enabled.

Kasada released new data on the latest fraud and malicious automation trends, revealing increased threats during the holidays; rising attacks by bots; and the discovery of a new amped up All in One Grinch Bot that is being used extensively during hype drop sales. Majority of Black Friday bad bots come from the USA, followed by Australia and the UK. "As we approach 2022, the frequency and severity of bad bots continue to threaten online businesses," said Sam Crowther, CEO, Kasada.

All-in-one Grinch bots are working over time this holiday season and using automation to steal gift cards and scoop up limited quantities of in-demand products. The Kasada Threat Intelligence Team identified these bad bot trends during the online holiday shopping season, based on data from the company's e-commerce customers.