Tag: financial fraud

15 Attack Reports | 0 Vulnerabilities

Attack reports

Greedy Sponge Targets Mexico with AllaKore RAT and SystemBC

A financially motivated threat group dubbed Greedy Sponge has been targeting Mexican organizations since 2021 with a modified version of AllaKore RAT and SystemBC malware. The group uses spear-phishing and drive-by downloads to deliver custom packaged installers containing the RAT. Recent updates i…
allakore rat
financial fraud
credential theft
drive-by download
systembc
spear-phishing
geofencing
2025-08-21
mexico
Published: August 21, 2025
Downloadable IOCs: 0

A Special Mission to Nowhere

A phishing campaign exploiting the aftermath of a military conflict between Israel and Iran has been identified. The scam, using a fake domain 'lineageembraer.online', offers evacuation flights from Tel Aviv to New York on an Embraer Lineage 1000E business jet. The website presents unrealistic pric…
phishing
financial fraud
scam
aviation
identity theft
2025-07-23
middle east crisis
evacuation
embraer
Published: July 23, 2025
Downloadable IOCs: 1

Discovery of Qwizzserial: A New Android SMS Stealer Family

A new Android SMS stealer family, named Qwizzserial, has been uncovered, primarily targeting users in Uzbekistan. The malware exploits the reliance on SMS for two-factor authentication in local payment systems, allowing fraudsters to intercept SMS messages and gain control over victims' finances. D…
financial fraud
sms stealer
2025-07-04
qwizzserial
Published: July 4, 2025
Downloadable IOCs: 1188

Malicious Loan App Removed from iOS and Google Play App Store Posed Severe Risks to Users

A SpyLoan application called 'RapiPlata' was identified on a victim's device, having been downloaded by over 150,000 users from both Google Play and Apple App Store. The app, which ranked in the top 20 finance category in Colombia, had extensive access to sensitive user data, including SMS messages…
data theft
financial fraud
mobile security
2025-06-20
spyloan
app store security
préstamo rápido
rapiplata
sms scanning
predatory lending
Published: June 20, 2025
Downloadable IOCs: 18

Fake Social Security Statement emails trick users into installing remote tool

A phishing campaign is targeting users with fake emails purportedly from the US Social Security Administration. These emails aim to trick recipients into installing ScreenConnect, a legitimate remote access tool that can be misused by cybercriminals. The campaign, attributed to a group called Molat…
screenconnect
phishing
social engineering
financial fraud
remote access tool
2025-05-01
social security administration
Published: May 1, 2025
Downloadable IOCs: 0

Security Brief: French BEC Threat Actor Targets Property Payments

A new financially motivated business email compromise (BEC) threat actor, TA2900, has been identified targeting individuals in France and occasionally Canada. The actor sends French language emails using rental payment themes, claiming that rental installments have not been received and instructing…
social engineering
financial fraud
email compromise
bec
2025-04-29
france
iban
rental payments
property management
Published: April 29, 2025
Downloadable IOCs: 3

Decoding Fake US ESTA Emails: Scam or Real Deal?

An increase in malicious emails impersonating US Customs and Border Protection has been observed, targeting individuals with fake Electronic System for Travel Authorization (ESTA) applications. These well-crafted emails exploit uncertainty around immigration services, urging recipients to submit ne…
phishing
financial fraud
identity theft
2025-04-28
immigration
us customs and border protection
Published: April 28, 2025
Downloadable IOCs: 0

Valentine's Day Cyber Attack Landscape: Exploiting Love Through Digital Deception

Valentine's Day 2025 has become a focal point for sophisticated cybersecurity threats, with attackers exploiting emotional vulnerabilities and seasonal shopping behaviors. A complex network of scams has emerged, including OAuth-based phishing, brand impersonation, and cryptocurrency fraud. These th…
phishing
social engineering
cryptocurrency
financial fraud
social media
e-commerce
brand impersonation
oauth
2025-02-15
valentine's day
Published: February 15, 2025
Downloadable IOCs: 0

Security Brief: Threat Actors Take Taxes Into Account

Proofpoint researchers have identified an increase in campaigns and malicious domains impersonating tax agencies and financial organizations. This aligns with the annual increase in tax-related content observed from December through April. Phishing lures impersonate government agencies and financia…
xworm
rhadamanthys
financial fraud
asyncrat
venomrat
credential harvesting
metastealer
zgrat
malware delivery
government impersonation
2025-01-28
intuit
mygov
hmrc
tax-themed phishing
revolut
Published: January 28, 2025
Downloadable IOCs: 0

Marketplace for stolen credit cards disrupted by feds

Federal authorities have shut down PopeyeTools, an illicit online marketplace operating since 2016, which sold stolen credit card data and cybercrime tools. Three alleged administrators from Pakistan and Afghanistan face criminal charges. The platform offered credit card numbers, bank account infor…
financial fraud
2024-11-22
popeyetools
credit card fraud
cryptocurrency seizure
cybercrime marketplace
law enforcement takedown
Published: November 22, 2024
Downloadable IOCs: 2

Financially Motivated Chinese Threat Actor SilkSpecter Targeting Black Friday Shoppers

A Chinese financially motivated threat actor, dubbed SilkSpecter, has been uncovered targeting e-commerce shoppers in Europe and USA with a phishing campaign leveraging Black Friday discounts. The actor uses fake discounted products as lures to steal Cardholder Data, Sensitive Authentication Data, …
phishing
financial fraud
e-commerce
chinese threat actor
2024-11-14
oemapps
black friday
google translate
stripe
Published: November 14, 2024
Downloadable IOCs: 13

Rat King: How the Android Trojan CraxsRAT Steals User Data

CraxsRAT, an Android trojan, has been targeting Russian and Belarusian users since summer 2024. It masquerades as legitimate apps like government services, antivirus software, and telecom operators. The malware spreads through social engineering tactics, prompting users to download malicious APK fi…
espionage
social engineering
android
data theft
trojan
financial fraud
remote access
craxsrat
2024-10-31
Published: October 31, 2024
Downloadable IOCs: 0

Uncovering the Lounge Pass Scam Campaign: Targeted Android SMS Stealer Preying on Air Travellers

A sophisticated scam targeting air travelers in Indian airports has been uncovered, involving a malicious Android app called 'Lounge Pass'. The app, distributed through fake domains, intercepts and forwards SMS messages from victims' devices to cybercriminals, resulting in significant financial los…
phishing
android
financial fraud
2024-10-25
sms stealer
airport scam
travel security
lounge pass
lounge access
mobile security
Published: October 25, 2024
Downloadable IOCs: 0

How do cryptocurrency drainer phishing scams work?

Cryptodrainer phishing scams have emerged as a significant threat, targeting unsuspecting individuals through deceptive tactics to steal their digital assets. These scams lure victims with promises of profits while covertly siphoning their cryptocurrency. Attackers employ social engineering techniq…
phishing
social engineering
cryptocurrency
financial fraud
cybercrime
2024-07-10
Published: July 10, 2024
Downloadable IOCs: 14

SecretCalls: A Formidable App of Notorious Korean Financial Fraudster

Voice phishing groups in South Korea build phishing pages and apps like SecretCalls to trick victims into installing malware and accessing phishing sites for financial fraud. Detailed analysis of SecretCalls Loader reveals anti-analysis techniques like DEX encryption, emulator detection, and instal…
android
2024-05-03
south korea
financial fraud
secretcalls
voice phishing
Published: May 3, 2024
Downloadable IOCs: 23
Click here to see more Attack Reports