Tag: fraud

14 Attack Reports | 0 Vulnerabilities

Attack reports

Steam Phishing: Popular as Ever

A recent phishing campaign targeting Steam users has been identified, involving deceptive messages sent through the platform's Friends list. The attackers use fraudulent URLs that closely mimic Steam's official domain, directing users to a fake 'Summer Gift Marathon' page. Upon logging in, users' c…
phishing
social engineering
credential theft
fraud
cybersecurity
gaming
steam
2025-06-20
Published: June 20, 2025
Downloadable IOCs: 31

Astrill VPN and DPRK Remote Worker Fraud

Spur Engineering is releasing a comprehensive list of IP addresses associated with the Astrill VPN service to help companies protect against fraud and abuse from the Democratic Republic of Korea (DPRK) in the future.
north korea
fraud
vpn
dprk
infrastructure
astrill vpn
2025-03-05
Published: March 5, 2025
Downloadable IOCs: 2360

New Linux Malware Targeting ATMs for Financial Fraud

A recent analysis reveals a new variant of the FASTCash malware, designed to compromise financial networks by manipulating payment transactions. Developed by threat actors potentially linked to North Korean hacking groups, this Linux version specifically targets Ubuntu 20.04 systems in ATMs. It int…
malware
linux
fraud
fastcash
2024-10-17
financial
transaction
atm
Published: October 17, 2024
Downloadable IOCs: 12

The Emerging Dynamics of Deepfake Scam Campaigns on the Web

Researchers have uncovered dozens of scam campaigns utilizing deepfake videos featuring public figures like CEOs, news anchors, and government officials. These campaigns target victims in multiple countries using various languages. The scams promote fake investment schemes and government giveaways.…
phishing
social engineering
impersonation
fraud
ai
scams
2024-08-29
genai
deepfakes
2024-09-02
investment fraud
infrastructure analysis
Published: September 2, 2024
Downloadable IOCs: 428

Hundreds of online stores hacked in new campaign

A cybersecurity report details a malware campaign targeting numerous e-commerce websites running the popular Magento platform. Threat actors exploited a vulnerability to inject malicious code that skims payment data from online shoppers during checkout. The skimmer code is loaded from attacker-cont…
injection
fraud
2024-08-23
magento
skimming
payment
e-commerce
Published: August 23, 2024
Downloadable IOCs: 15

2024 Paris Olympic Games Infrastructure Attack Report

This report examines the malicious activities surrounding the 2024 Paris Olympic Games, where adversaries set up fraudulent social media profiles, online stores, ticketing systems, and cryptocurrencies to exploit the event's popularity. Researchers analyzed newly registered domains (NRDs) before th…
phishing
cryptocurrency
cybercrime
fraud
olympics
2024-08-16
Published: August 16, 2024
Downloadable IOCs: 148

2024 OLYMPICS-THEMED DOMAINS USED FOR CHINESE GAMBLING SITES

Cybercriminals seize high-profile events like the Olympic Games to orchestrate malicious campaigns. Researchers observed a surge in newly registered domains with Olympic themes used for illicit activities such as gambling sites, money laundering, and human trafficking schemes. These domains imperso…
fraud
olympics
2024-08-13
scams
gambling
illicit activities
Published: August 13, 2024
Downloadable IOCs: 7

BingoMod: The new android RAT that steals money and wipes data

In late May 2024, a new Android Remote Access Trojan (RAT) named BingoMod emerged, aiming to initiate fraudulent money transfers from compromised devices using a technique called On-Device Fraud (ODF). After installation, BingoMod steals sensitive information, conducts overlay attacks, and provides…
rat
android
fraud
banking
2024-08-02
bingomod
Published: August 2, 2024
Downloadable IOCs: 3

Ticket Heist: Olympic Games and Sporting Events at Risk

This analysis examines an ongoing, undetected fraudulent campaign named 'Ticket Heist' targeting Russian-speaking users, several Eastern European countries, and English-speaking individuals seeking tickets for various sporting events and festivals. The campaign involves a network of 708 fraudulent …
impersonation
fraud
2024-07-10
olympics
tickets
uefa
events
Published: July 10, 2024
Downloadable IOCs: 685

A New Compact Variant Discovered

Security researchers at Cleafy Labs detected a resurgence of the Medusa banking trojan, which targets Android devices for on-device fraud. The new variant exhibits a lightweight permission set, expanded geographical targeting, and the adoption of droppers for distribution. It introduces capabilitie…
android
trojan
fraud
medusa
2024-06-26
tanglebot
Published: June 26, 2024
Downloadable IOCs: 50

Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale

Resecurity has identified a new activity of a cybercrime group known as Smishing Triad, which has expanded its operations to Pakistan. The group is employing tactics involving sending malicious messages impersonating Pakistan Post to customers of mobile carriers via iMessage and SMS, with the goal …
impersonation
pakistan
fraud
2024-06-12
smishing
Published: June 12, 2024
Downloadable IOCs: 14

Cybercriminals attack banking customers in EU with V3B phishing kit

An analysis reveals that a cybercriminal group is distributing sophisticated phishing kits to target banking customers in the European Union. These kits, designed to steal sensitive information like credentials and OTP codes, utilize social engineering tactics to deceive victims into revealing pers…
phishing
cybercrime
fraud
social-engineering
banking
2024-06-10
Published: June 10, 2024
Downloadable IOCs: 44

Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud

An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through deceitful Facebook pages and SMS messages, tricks users into providing personal information like CPR numbers, phone numbers,…
phishing
android
infostealer
fraud
malicious
2024-06-03
android/infostealer
Published: June 3, 2024
Downloadable IOCs: 14

Romance Scams Urging Investment

The report details an investigation into romance scams that exploit emotional connections to solicit money under the guise of cryptocurrency investments. Perpetrators pose as potential romantic partners or friends to gain trust and eventually introduce victims to fake cryptocurrency exchanges desig…
phishing
social engineering
impersonation
cryptocurrency
2024-05-08
scam
fraud
romance
2024-05-09
2024-05-10
2024-05-13
Published: May 13, 2024
Downloadable IOCs: 3
Click here to see more Attack Reports