Today > | 1 Medium vulnerabilities - You can now download lists of IOCs here!
8 attack reports | 0 vulnerabilities
A new Gootloader variant has been discovered using search engine optimization (SEO) poisoning to target Australian Bengal cat enthusiasts. The campaign uses Google search results for 'Are Bengal Cats legal in Australia?' to deliver malicious payloads. When users click on compromised links, a zip fi…
A sophisticated fraud scheme dubbed 'Phish 'n' Ships' has been uncovered, involving fake web shops that exploit digital payment providers to steal consumers' money and credit card information. The operation, traced back to 2019, has infected over 1,000 websites, created 121 fake web stores, and res…
LUNAR SPIDER, a Russian-speaking financially motivated threat group, has resumed operations following law enforcement disruptions. They've shifted from using IcedID to leveraging Latrodectus and Brute Ratel C4 malware, targeting financial services through SEO poisoning malvertising campaigns. The g…
Insikt Group unveiled Rhysida's complex infrastructure, comprising typo-squatted domains for SEO poisoning, payload servers, CleanUpLoader C2 infrastructure, and higher-tier components including an admin panel and Zabbix monitoring server. This multi-tiered setup enables early victim identification…
A global malware campaign targeting mainly Russian-speaking users has been distributing cryptocurrency mining malware through fake software download sites, Telegram channels, and YouTube videos. The multi-stage infection chain uses unusual techniques for persistence and evasion, including hiding ma…
A variant of WikiLoader loader for rent, also known as WailingCrab, is being delivered via SEO poisoning and spoofing of GlobalProtect VPN software. The campaign primarily affects U.S. higher education and transportation sectors. The infection chain involves multiple stages, including DLL sideloadi…
Trend Micro recently discovered a threat actor group dubbed Void Arachne targeting Chinese-speaking users with malicious Windows Installer (MSI) files containing legitimate software bundled with malicious Winos payloads. The campaign promotes compromised MSI files embedded with nudifiers, deepfake …
The analysis delves into the intricate workings of the Gootloader malware campaign. Through a meticulously crafted social engineering scheme involving SEO poisoning and fake forums, threat actors lure unsuspecting victims into downloading a malicious JavaScript file disguised as a legitimate resour…