Infostealers are becoming the go-to phishing payload
Phishing has changed. Slowly but surely, cybercriminals are turning to infostealers instead. Traditional phishing hasn't gone away. Far from it. But many attackers are no longer focused solely on tricking victims into entering usernames and passwords on fake login pages. Instead, they are using...
Malicious code in swampo (PyPI)
Source: kam193 7b8e193e75e6ca7d387f21b53c251e6ee8791d9ec4ca3f37099e765415d36157 Multi-stage dropper. The "analytics" functionality fetches fake updates information that should contain the next URL. From it, yet another URL is downloaded,...
Fake Zoom and Google Meet Pages Trick Users Into Installing Monitoring Tool
Fake Zoom and Google Meet pages trick users into installing monitoring software on Windows systems through phishing links and fake updates...
$300 a Month Android Malware ‘Oblivion’ Uses Fake Updates to Hijack Phones
Cybersecurity researchers at Certo reveal Oblivion, a new Android Trojan targeting major brands like Samsung and Xiaomi. It bypasses security to steal passwords and bank codes...
A week in security (November 24 – November 30)
Last week on Malwarebytes Labs: How CVSS v4.0 works: characterizing and scoring vulnerabilities; Millions at risk after nationwide CodeRED alert system outage and data breach; Holiday shoppers targeted as Amazon and FBI warn of surge in account takeover attacks; Fake LinkedIn jobs trick Mac users in...
RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware
The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. "This is the first time that a RomCom payload has been observed being distributed by SocGholish," Arctic Wolf Labs...
evilgrade
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates...
FrigidStealer Malware Hits macOS Users via Fake Safari Browser Updates
FrigidStealer malware targets macOS users via fake browser updates, stealing passwords, crypto wallets, and notes using DNS-based data…
Magniber ransomware targets home users
If you’ve been following any news about ransomware, you may be under the impression that ransomware groups are only after organizations rather than individual people, and for the most part that’s true. However, Magniber is one ransomware that does target home users. And it’s back, with full force,...
FakeSG enters the 'FakeUpdates' arena to deliver NetSupport RAT
Over 5 years ago, we began tracking a new campaign that we called FakeUpdates, also known as SocGholish, that used compromised websites to trick users into running a fake browser update. Instead, victims would end up infecting their computers with the NetSupport RAT, allowing threat actors to gain...
MakeMoney malvertising campaign adds fake update template
Malware authors and distributors are following the ebbs and flows of the threat landscape. One campaign we have tracked for a number of years recently introduced a new scheme to possibly completely move away from drive-by downloads via exploit kit. In this quick blog post, we will look at this ne...
Fake Updates Continue To Be A Digital Risk: What To Do?
By Owais Sultan. In this digital era, online threats are booming as much as the internet user base. Sometimes, malware infects… This is a post from HackRead.com.
Ransomware targets Edge users
Unless you've been hiding under a rock for the last twenty years, you've probably heard the one about "keeping your software up to date". Applying software updates promptly is arguably the single most useful thing you can do to keep yourself secure online, and vendors, experts, pundits, and blogs...
Adobe Flash Player reaches end-of-life
“What now? My farm is no longer working. Can you have a look, honey?” Like millions of other people my wife likes to play online browser games. You know, the ones that don’t require a fast connection because your virtual life is not in constant danger, and an occasional harvest is enough to make...
A week in security (October 12 – October 18)
Last week on Malwarebytes Labs, we looked at journalism’s role in cybersecurity on our Lock and Code podcast, gave tips for safer shopping on Amazon Prime day, and discussed an APT attack springing into life as Academia returned to the real and virtual campus environment. We also dug into potenti...
Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy
An extensive campaign has surfaced that targets Windows users belonging to a specific Asian religious and ethnic group. The attack makes use of a series of watering-hole websites and a drive-by download gambit relying on fake Flash updates. According to analysis from Kaspersky, released on...
New social engineering toolkit draws inspiration from previous web campaigns
Some of the most common web threats we track have a social engineering component. Perhaps the more popular ones are those encountered via malvertising, or hacked websites that push fraudulent updates. We recently identified a website compromise with a scheme we had not seen before; it's part of a...
Fake Adobe Flash Updates Hide Malicious Crypto Miners
While fake Flash updates that push malware have traditionally been easy to spot and avoid, a new campaign has employed new tricks that stealthily download cryptocurrency miners on Windows systems. To the average user, the newly discovered samples, which have been active as early as August, seem...
Xiongmai IP Cameras, NVRs and DVRs incl. 3rd party OEM devices lack encryption of sensitive data vulnerability
Hangzhou Xiongmai Information Technology Co., Ltd. specializes in security monitoring, video intelligence research and development. Xiongmai IP Cameras, NVRs and DVRs incl. 3rd party OEM devices suffer from a lack of encryption of sensitive data vulnerability, which could allow an attacker to...
Fake Software Update Abuses NetSupport Remote Access Tool
Over the last few months, FireEye has tracked an in-the-wild campaign that leverages compromised sites to spread fake updates. In some cases, the payload was the NetSupport Manager remote access tool (RAT). NetSupport Manager is a commercially available RAT that can be used legitimately by system...