9 matches found
New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer
Cybersecurity researchers are warning of a new campaign that leverages cracked versions of software as a lure to distribute information stealers like Lumma and ACR Stealer. The AhnLab Security Intelligence Center (ASEC) said it has observed a spike in the distribution volume of ACR Stealer since...
Emmenhtal Loader Uses Scripts to Deliver Lumma and Other Malware
Emmenhtal Loader uses LOLBAS techniques, deploying malware like Lumma and Amadey through legitimate Windows tools. Its infection chain...
Malicious code in jupihelp (PyPI)
Source: kam193 7bb124c218cd3a0340ff934eafc0d4c9cbf322b2428d8a868ed28703aeb38426 Once run, downloads and installs from sleipnirbrowser.org a suspicious executable pretending to be a web browser. This website appears to be a scam using some ki...
MAL-2024-12296 Malicious code in jupphelp (PyPI)
Source: kam193 dcda51f3ac0b82ef824630ce053d4dc42aa2021baf16e476ca83ef8d7f7c1cab Once run, downloads and installs from sleipnirbrowser.org a suspicious executable pretending to be a web browser. This website appears to be a scam using some ki...
Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI
Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository that's designed to deliver an information stealer called Lumma (aka LummaC2). The package in question is crytic-compilers, a typosquatted version of a legitimate library named...
Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset
Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitates session persistence and...
A cryptor, a stealer and a banking trojan
Introduction: As long as cybercriminals want to make money, they'll keep making malware, and as long as they keep making malware, we'll keep analyzing it, publishing reports and providing protection. Last month we covered a wide range of cybercrime topics. For example, we published a private report ...
Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers
Technical Analysis by: Thomas Elkins, Natalie Zargarov Contributions: Evan McCann, Tyler McGraw Recently, Rapid7 observed the Fake Browser Update lure tricking users into executing malicious binaries. While analyzing the dropped binaries, Rapid7 determined a new loader is utilized in order to...
CryptoClippy: New Clipper Malware Targeting Portuguese Cryptocurrency Users
Portuguese users are being targeted by a new malware codenamed CryptoClippy that's capable of stealing cryptocurrency as part of a malvertising campaign. The activity leverages SEO poisoning techniques to entice users searching for "WhatsApp web" to rogue domains hosting the malware, Palo Alto...