Security News

The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control server. What's new in the latest version of the malware is that the gathered data is encoded prior to exfiltration, a change from the previous variants that have been known to send the compressed file data in plaintext format.

A new phishing campaign is exploiting the increasing interest of security community members towards Flipper Zero to steal their personal information and cryptocurrency. [...]

Threat actors behind a recent malware campaign have been using the stolen information of bank customers in Colombia as lures in phishing emails designed to infect targets with the BitRAT remote access trojan, according to cloud security firm Qualys. The company found that the infrastructure of an undisclosed Colombian cooperative bank had been hijacked by attackers while investigating BitRAT lures in active phishing attacks.

A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that's used by Indian government officials. LNK files are used to initiate code execution which eventually downloads and runs a malicious C# payload, which functions as a remote access trojan," Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a new report.

The FBI warns that threat actors are using search engine advertisements to promote websites distributing ransomware or stealing login credentials for financial institutions and crypto exchanges. These ads appear at the top of search result pages and link to sites that look identical to the impersonated company's website.

A new phishing campaign uses Facebook posts as part of its attack chain to trick users into giving away their account credentials and personally identifiable information. The link to appeal the account deletion is an actual Facebook post on facebook.com, helping threat actors bypass email security solutions and ensure their phishing messages land in the target's inbox.

Unknown threat actors have uploaded a massive 144,294 phishing-related packages on open-source package repositories, inluding NPM, PyPi, and NuGet. The large-scale attack resulted from automation, as the packages were uploaded from accounts using a particular naming scheme, featured similar descriptions, and led to the same cluster of 90 domains that hosted over 65,000 phishing pages.

Cloud computing provider Rackspace warned customers on Thursday of increased risks of phishing attacks following a ransomware attack affecting its hosted Microsoft Exchange environment. Some customers are also reporting an increase in phishing emails impersonating Rackspace since the ransomware attack.

In this Help Net Security video, Roman Faithfull, Cyber Intelligence Analyst at Digital Shadows, talks about how threat actors mobilize new members within the cybercriminal ecosystem. Cybercriminal forums are awash with users advertising and requesting the services of developers to design fresh new malware.

To help combat the constant risk of password theft, Microsoft added phishing protection in Windows 11 Version 22H2. When enabled, Enhanced Phishing Protection is offered through Microsoft Defender SmartScreen. If Enhanced Phishing Protection detects a user entered their Windows password into a website or an application, an alert and prompt are shown warning the user to change their password.