Tag: brand impersonation

9 Attack Reports | 0 Vulnerabilities

Attack reports

Brand impersonation, online ads, and malicious merchants help purchase scam network prey on victims

A network of 71 purchase scam websites has been identified, linked to 12 shared merchant accounts used for fraudulent transactions. The scams employ brand impersonation, online ads, and malicious merchants to target victims. The network, operational since February 2025, uses typosquatting and brand…
typosquatting
brand impersonation
2025-05-20
dark web services
online ads
transaction laundering
purchase scam
Published: May 20, 2025
Downloadable IOCs: 71

New Finance Scam Discovered Abusing Niche X/Twitter Advertising Loophole

A new financial scam has been uncovered that exploits a loophole in X/Twitter's advertising display URL feature. The scam spoofs legitimate domains like CNN while directing users to a cryptocurrency scam website impersonating Apple's brand. The fraudulent site promotes a fake 'iToken' and includes …
cryptocurrency
apple
brand impersonation
2025-05-09
x/twitter
url spoofing
domain redirection
Published: May 9, 2025
Downloadable IOCs: 65

CoGUI Phish Kit Targets Japan with Millions of Messages

A sophisticated phishing kit named CoGUI is targeting Japanese organizations with high-volume campaigns, primarily impersonating consumer and finance brands to steal credentials and payment data. The kit employs advanced evasion techniques like geofencing and fingerprinting to avoid detection. Sinc…
phishing
credential theft
brand impersonation
2025-05-06
darcula
cogui
Published: May 6, 2025
Downloadable IOCs: 7

Power Parasites: Job & Investment Scam Campaign Targets Energy Companies and Major Brands

A scam campaign dubbed 'Power Parasites' is targeting individuals in Asian countries through deceptive websites, social media groups, and Telegram channels. The campaign exploits the names and branding of global energy companies and other major brands to conduct job and investment scams. Victims ar…
phishing
social engineering
telegram
social media
investment fraud
brand impersonation
2025-04-24
job scam
Published: April 24, 2025
Downloadable IOCs: 0

DeepSeek Lure Used To Spread Malware

Cybercriminals are exploiting DeepSeek's popularity by creating fake look-alike domains to deliver the Vidar information stealer. The attack chain involves a deceptive website that prompts users to complete a fake partner registration, leading to a malicious CAPTCHA page. This page injects a PowerS…
cryptocurrency
vidar
captcha
brand impersonation
deepseek
2025-02-25
clipboard injection
Published: February 25, 2025
Downloadable IOCs: 40

Valentine's Day Cyber Attack Landscape: Exploiting Love Through Digital Deception

Valentine's Day 2025 has become a focal point for sophisticated cybersecurity threats, with attackers exploiting emotional vulnerabilities and seasonal shopping behaviors. A complex network of scams has emerged, including OAuth-based phishing, brand impersonation, and cryptocurrency fraud. These th…
phishing
social engineering
cryptocurrency
financial fraud
social media
e-commerce
brand impersonation
oauth
2025-02-15
valentine's day
Published: February 15, 2025
Downloadable IOCs: 0

How Threat Actors Exploit Brand Collaborations to Target Popular YouTube Channels

Cybercriminals are targeting YouTube creators through sophisticated phishing campaigns that impersonate trusted brands offering collaboration deals. The malware is disguised as legitimate documents and delivered via password-protected files on platforms like OneDrive. Once downloaded, it steals sen…
phishing
social engineering
youtube
brand impersonation
2024-12-17
content creators
Published: December 17, 2024
Downloadable IOCs: 3

Hello again, FakeBat: popular loader returns after months-long hiatus

FakeBat, a loader previously known as Eugenloader and PaykLoader, has resurfaced after a three-month absence. The malware was distributed through a malicious Google ad impersonating the productivity application Notion. The attack chain involves a tracking template, cloaking domain, and a decoy site…
loader
obfuscation
malvertising
powershell
lummac2
stealer
fakebat
google ads
brand impersonation
2024-11-11
Published: November 11, 2024
Downloadable IOCs: 19

Phishing Via Typosquatting and Brand Impersonation: Trends and Tactics

From February to July 2024, an analysis of over 500 popular domains revealed more than 10,000 malicious lookalike domains employing typosquatting and brand impersonation techniques. Google, Microsoft, and Amazon were the most targeted brands, accounting for nearly 75% of phishing domains. Almost ha…
phishing
typosquatting
credential theft
scams
domain abuse
2024-09-12
brand impersonation
certificate abuse
Published: September 12, 2024
Downloadable IOCs: 10
Click here to see more Attack Reports