Tag : phishing

28 attack reports | 0 vulnerabilities

Attack Reports

| Title | Published | Tags | Description | Number of indicators |
| --- | --- | --- | --- | --- |
| Dipping into Danger: The WARMCOOKIE backdoor | June 12, 2024, 10:41 a.m. | | Elastic Security Labs identified a new wave of email campaigns targeting environments by deploying a novel backdoor dubbed WARMCOOKIE, which communicates via HTTP cookie parameter… | 6 |
| Search & Spoof: Abuse of Windows Search to Redirect to Malware | June 11, 2024, 1:36 p.m. | | Trustwave SpiderLabs has uncovered a sophisticated malicious campaign that exploits the Windows search functionality embedded in HTML code to deploy malware. The campaign initiate… | 2 |
| RAT Distributed as UUEncoding (UUE) File | June 11, 2024, 10:11 a.m. | | This intelligence report describes a malicious operation where the Remcos Remote Access Trojan (RAT) is being disseminated through phishing emails containing an attachment exploit… | 3 |
| New Agent Tesla Campaign Targeting Spanish-Speaking People | June 10, 2024, 11:24 a.m. | | This report analyzes a phishing campaign spreading a new Agent Tesla variant designed to infiltrate victims' computers and steal sensitive information like credentials, email cont… | 6 |
| Cybercriminals attack banking customers in EU with V3B phishing kit | June 10, 2024, 11:20 a.m. | | An analysis reveals that a cybercriminal group is distributing sophisticated phishing kits to target banking customers in the European Union. These kits, designed to steal sensiti… | 44 |
| Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks | June 7, 2024, 8 a.m. | | Morphisec Labs has been monitoring increased activity associated with Sticky Werewolf, a suspected geopolitical or hacktivist group. While their origin remains unclear, recent tec… | 14 |
| DarkGate again but... Improved? | June 6, 2024, 8:16 a.m. | | The report details the latest developments surrounding the DarkGate remote access trojan, including its enhanced capabilities in version 6, the activities of its developer RastaFa… | 313 |
| Warning Against Phishing Emails Prompting Execution of Commands via Paste | June 6, 2024, 7:18 a.m. | | This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run malicious PowerShell commands that initiate a mul… | 15 |
| Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud | June 3, 2024, 11:21 a.m. | | An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through dece… | 14 |
| Chat Messenger voting topics - a new way to steal accounts is gaining momentum | May 31, 2024, 1:24 p.m. | | The Government Emergency Response Team of Ukraine CERT-UA informs about the increase in the number of cyberattacks aimed at gaining access to the accounts of popular messengers, i… | 230 |
| Disrupting FlyingYeti's campaign targeting Ukraine | May 31, 2024, 12:19 p.m. | | This report details Cloudforce One's real-time effort to detect, deny, degrade, disrupt, and delay a phishing campaign by the Russia-aligned threat actor FlyingYeti targeting Ukra… | 8 |
| 'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered | May 30, 2024, 9:31 a.m. | | A report detailing the analysis of the CryptoChameleon phishing kit, which is used to harvest sensitive information from employees and customers across various platforms. Silent P… | 30 |
| Side Loading through IObit against Colombia | May 29, 2024, 11:06 a.m. | | In May 2024, researchers detected a phishing campaign impersonating the Colombian Attorney General's Office, aiming to infect systems with AsyncRAT malware. The attack employs a Z… | 3 |
| Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling | May 28, 2024, 12:36 p.m. | | Netskope Threat Labs has been tracking an increase in phishing campaigns hosted on Cloudflare Workers. The campaigns use techniques like HTML smuggling and transparent phishing to… | 134 |
| Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware | May 22, 2024, 7:39 a.m. | | Securonix Threat Research has uncovered a sophisticated malware campaign, dubbed CLOUD#REVERSER, that leverages popular cloud storage services like Google Drive and Dropbox for ma… | 16 |
| D3F@ck Loader, the New MaaS Loader | May 21, 2024, 9:03 p.m. | | In March 2024, eSentire's Threat Response Unit (TRU) discovered multiple instances of D3F@ck Loader infections being propagated via Google Ads. This new loader, which debuted on h… | 3 |
| Banking trojan unleashed: Observing emerging global campaigns | May 20, 2024, 9:40 a.m. | | IBM's X-Force has been tracking large-scale phishing campaigns distributing the Grandoreiro banking trojan, likely operated as a Malware-as-a-Service. The malware targets over 150… | 18 |
| From Document to Script: Insides of Campaign | May 17, 2024, 9:38 a.m. | | This report examines a recent malicious campaign initiated via phishing emails, seemingly from 'QuickBooks,' prompting users to install Java. Clicking the embedded link leads to d… | 11 |
| Payload Trends in Malicious OneNote Samples | May 16, 2024, 5:25 p.m. | | This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into executing malicious code. By analyzing approximate… | 550 |
| SugarGh0st RAT Used to Target American Artificial Intelligence Experts | May 16, 2024, 10:07 a.m. | | This intelligence report provides details about a SugarGh0st RAT campaign conducted by an unattributed threat actor, tracked as UNK_SweetSpecter, targeting organizations in the Un… | 9 |
| Romance Scams Urging Investment | May 13, 2024, 9:38 a.m. | | The report details an investigation into romance scams that exploit emotional connections to solicit money under the guise of cryptocurrency investments. Perpetrators pose as pote… | 3 |
| StopRansomware: Black Basta | May 13, 2024, 9:31 a.m. | | This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant first identified in April 2022. Its affiliates have… | 174 |
| New Campaigns from Scattered Spider | May 10, 2024, 8:33 a.m. | | Scattered Spider, a financially motivated threat actor group, has been conducting aggressive phishing campaigns targeting various industries, particularly the finance and insuranc… | 118 |
| APT28 campaign against Polish government institutions | May 8, 2024, 3:37 p.m. | | The CERT Polska team is investigating a large-scale malware campaign carried out by the Russian intelligence group APT28, which has been targeting Polish government institutions i… | 74 |
| Scaly Wolf’s new loader: the right tool for the wrong job | May 2, 2024, 2:48 p.m. | | The report analyzes a recent campaign by the Scaly Wolf threat group targeting organizations in Russia and Belarus. The group employs phishing emails disguised as communications f… | 23 |
| Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams | May 1, 2024, 7:59 p.m. | | This report details an investigation by JFrog Security researchers on a coordinated attack on Docker Hub, where millions of malicious repositories were planted to spread malware a… | 46 |
| Linux Trojan - Xorddos with Filename eyshcjdmzg | May 1, 2024, 7:55 p.m. | | This analysis examines a recurring Linux trojan called Xorddos, which is a distributed denial-of-service (DDoS) malware. It provides details on various file hashes associated with… | 11 |
| FakeBat Malware Distributing via Fake Browser Updates | April 29, 2024, 6:18 p.m. | | This report details a recent malware campaign leveraging fake browser update notifications to distribute the FakeBat loader. The campaign employs sophisticated social engineering … | 6 |