6 matches found
Hacked sites deliver Vidar infostealer to Windows users
In recent years, ClickFix and fake CAPTCHA techniques have become a popular way for cybercriminals to distribute malware. Instead of exploiting a technical vulnerability, these attacks rely on convincing people to run malicious commands themselves. Our researchers have recently detected a campaig...
Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites
A financially motivated threat actor codenamed UNC5142 has been observed abusing blockchain smart contracts as a way to facilitate the distribution of information stealers such as Atomic AMOS, Lumma, Rhadamanthys aka RADTHIEF, and Vidar, targeting both Windows and Apple macOS systems. "UNC5142 is...
Nitrogen shelling malware from hacked sites
Nitrogen is the name given to a campaign and associated malware that have been distributed via malicious search ads. Its signature move is using Python and DLL side-loading to connect to the attackers command and control server. In this blog post, we look at a recent Nitrogen campaign and...
Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials
A long-term spear-phishing campaign is targeting employees of major corporations with emails containing PDFs that link to short-lived Glitch apps hosting credential-harvesting SharePoint phishing pages, researchers have found. Researchers from DomainTools discovered the suspicious PDFs – which...
WordPress Sites Abused in Aggah Spear-Phishing Campaign
Threat actors are using compromised WordPress websites to target manufacturers across Asia with a new spear-phishing campaign that delivers the Warzone RAT, a commodity infostealer available widely for purchase on criminal forums, researchers have found. The threat group Aggah, believed to be...
Analysis: Flashback Spread Via Social Engineering, Then Java Exploits
Kaspersky Lab‘s latest analysis of the Mac OS X Flashback botnet reveals that the botnet’s malware was spread via drive-by downloads on hacked WordPress web sites. From September 2011 until February 2012, the Flashback creators distributed the trojan through compromised WordPress sites that...