Security News

The Black Basta ransomware gang has partnered with the QBot malware operation to gain initial access to corporate environments. QBot is Windows malware that steals bank credentials and Windows domain credentials, and delivers further malware payloads on infected devices.

Bad bots are often the first indicator of online fraud and represent a risk to digital businesses, as well as their customers. In 2021, evasive bad bots - a grouping of moderate and advanced bad bots that elude standard security defenses - made up 65.6% of all bad bot traffic.

That's according to Arkose Labs, which claimed in its latest State of Fraud and Account Security report that one in four online accounts created in Q1 2022 were fake and used for fraud, scams, and the like. In total, 93 percent of all attacks against Arkose Labs' customers were bot-driven, it's claimed; data scraping increased by 250 percent while four percent of all logins in Q1 were credential-stuffing attempts.

A new RedLine malware distribution campaign promotes fake Binance NFT mystery box bots on YouTube to lure people into infecting themselves with the information-stealing malware from GitHub repositories. Binance mystery boxes are sets of random non-fungible token items that people buy, hoping they'll receive a unique or rare item at a bargain price.

Ukraine's security agency has shut down five bot farms since the start of Russia's invasion of the country almost five weeks ago, slowing down a Russian operation designed to spread disinformation in the war-torn country and to sow panic among its frightened residents. In a statement this week, Ukraine's Security Service said the bot farms were located in Kharkiv - a city near the northern border of Russia that has been the site of some of the fiercest fighting - Cherkasy along the Dnieper River that cuts through the country, and the Ternopil and Zakarpattia regions in the western part of Ukraine.

The Ukrainian Security Service has announced that since the start of the war with Russia, it has discovered and shut down five bot farms with over 100,000 fake social media accounts spreading fake news. The network, which operated in Kharkiv, Cherkasy, Ternopil, and Zakarpattia, aimed to discourage Ukrainian citizens and instill panic by distributing false information about the Russian invasion and the status of the defenders.

Netacea announced the results from a new report showing that most businesses do not fully understand the threat bots pose, leaving those organizations vulnerable to threats. The report surveyed 440 businesses across the travel, entertainment, eCommerce, financial services, and telecoms sectors in the US and the UK. The report found that while most businesses were aware that bots were an issue, many were confused about where attacks originate and what technologies and techniques were effective against bots.

As for its endgame, CPR researchers described the newly discovered and analyzed Electron Bot backdoor as "a modular SEO-poisoning malware" used "for social-media promotion and click fraud." Electron Bot can also promote online products: another way to generate PPC revenue or increase a store's rating for higher sales.

Just since Feb. 1, analysts have watched phishing email attacks impersonating LinkedIn surge 232 percent, attempting to trick job seekers into giving up their credentials. The phishing emails themselves were convincing dupes, built in HTML templates with the LinkedIn logo, colors and icons, the report added.

An IRC bot strain programmed in GoLang is being used to launch distributed denial-of-service attacks targeting users in Korea. "Additionally, the DDoS malware was installed via downloader and UDP RAT was used."