Threat actors are abusing the core features of the popular Discord digital communication platform to persistently deliver various types of malware-in particular remote access trojans that can take over systems-putting its 150 million users at risk, researchers have found. Researchers warn, "Many files sent across the Discord platform are malicious, pointing to a significant amount of abuse of its self-hosted CDN by actors by creating channels with the sole purpose of delivering these malicious files," according to a report published Thursday by Team RiskIQ. Initially Discord attracted gamers, but the platform is now being used by organizations for workplace communication.
Widespread malware campaigns are creating YouTube videos to distribute password-stealing trojans to unsuspecting viewers. Password stealing trojans are malware that quietly runs on a computer while stealing passwords, screenshots of active windows, cookies, credit cards stored in browsers, FTP credentials, and arbitrary files decided by the threat actors.
An ongoing malware distribution campaign targeting South Korea is disguising RATs as an adult game shared via webhards and torrents. The attackers are using easily obtainable malware such as njRAT and UDP RAT, wrap them in a package that appears like a game or other program, and then upload them on webhards.
Google says YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors. The threat actors used social engineering and phishing emails to infect YouTube creators with information-stealing malware, chosen based on each attacker's preference.
Microsoft has been branded as "The world's best malware hoster for about a decade," thanks to abuse of the Office 365 and Live platform, as well as its slow response to reports by security researchers. TheAnalyst noted that a BazarLoader malware campaign was hosting its malware on Microsoft's OneDrive service.
"The Harvester group uses both custom malware and publicly available tools in its attacks, which began in June 2021, with the most recent activity seen in October 2021. Sectors targeted include telecommunications, government, and information technology," Symantec researchers said. "The capabilities of the tools, their custom development, and the victims targeted, all suggest that Harvester is a nation-state-backed actor."
People were receiving free NFTs from an unknown benefactor, but when they accepted the gift the attackers got access to their wallet information in OpenSea's storage systems. Arming robots with sniper rifles, not worrying at all.
The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti. The threat actor, tracked under the monikers ITG23 and Wizard Spider, has been found to partner with other cybercrime gangs known Hive0105, Hive0106, and Hive0107, adding to a growing number of campaigns that the attackers are banking on to deliver proprietary malware, according to a report by IBM X-Force.
An Android app sitting on the Google Play store touts itself to be a photo editor app. Like many Android apps, the "Blender Photo Editor-Easy Photo Background Editor" app comes with the sign-in with Facebook functionality.