50 matches found
Fake ChatGPT Desktop App Ads Used to Push Password-Stealing Malware
Fake ChatGPT desktop app ads pushed password-stealing malware by abusing trusted AI links, hiding from scanners, and tricking users into downloads...
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn't the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—whil...
ClickFix: How to Infect Your PC in Three Easy Steps
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft...
Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia
A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air...
This Windows PowerShell Phish Has Scary Potential
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing...
GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
A new deceptive campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers. "The malicious code exfiltrates the GitHub project's defined secrets to a malicious C2 server and modify any...
Password-stealing Chrome extension smuggled on to Web Store
Researchers at the University of Wisconsin-Madison have demonstrated that Chrome browser extensions can steal passwords from the text input fields in websites, even if the extension is compliant with Chrome's latest security and privacy standard, Manifest V3. To prove it, they created a proof of...
Erbium stealer on the hunt for data
There's a new slice of malware-as-a-service doing the rounds, although its actual newness is somewhat contested. The stealer, called Erbium, was first spotted on forums back in July 2022, but it seems nobody is quite sure when it started being deployed and snagging victims. Nevertheless, it is now...
Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads
The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet’s powers. On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacki...
Two NPM Packages With 22 Million Weekly Downloads Found Backdoored
In what's yet another instance of supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code by gaining unauthorized access to the respective developer's accounts...
Popular NPM Package Hijacked to Publish Crypto-mining Malware
The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining and password-stealing malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to get rid of three rogue packages that...
Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers
A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejsnetserver" and downloaded over 1,283 times since February 2019, was last...
A week in security (June 7 – June 13)
Last week on Malwarebytes Labs: Amazon Sidewalk starts sharing your WiFi data tomorrow, thanks White hat, black hat, grey hat hackers: what’s the difference? Can two VPN “wrongs” make a right? Lock and Code S02E10 DOJ recovers pipeline ransom, signals more aggressive approach to cybercrime 800...
Postbird 0.8.4 Cross Site Scripting / Local File Inclusion
Exploit Title: Postbird 0.8.4 - Javascript Injection Date: 26 May 2021 Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload...
Hackers Using Microsoft Build Engine to Deliver Malware Filelessly
Threat actors are abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems. The actively ongoing campaign is said to have emerged last month, researchers from cybersecurity firm Anomali said on Thursday, adding th...
LodaRAT Windows Malware Now Also Targets Android Devices
A previously known Windows remote access Trojan (RAT) with credential-stealing capabilities has now expanded its scope to set its sights on users of Android devices to further the attacker's espionage motives. "The developers of LodaRAT have added Android as a targeted platform," Cisco Talos...
Payment Card Skimmer Group Using Raccoon Info-Stealer to Siphon Off Data
A cybercrime group known for targeting e-commerce websites unleashed a "multi-stage malicious campaign" earlier this year designed with an intent to distribute information stealers and JavaScript-based payment skimmers. In a new report published today and shared with The Hacker News,...
Interview with the Author of the 2000 Love Bug Virus
No real surprises, but we finally have the story. The story he went on to tell is strikingly straightforward. De Guzman was poor, and internet access was expensive. He felt that getting online was almost akin to a human right, a view that was ahead of its time. Getting access required a password, ...
TrickBot Sample Accidentally Warns Victims They're Infected
TrickBot, the infamous info-stealing trojan, has been trying out a test module that accidentally pops up fraud alerts to victims. A sandboxed sample of the trojan, obtained by MalwareHunterTeam and analyzed by Advanced Intelligence’s Vitali Kremez, turns out to contain a new module, called “modul...
Live Coronavirus Map Used to Spread Malware
Cybercriminals constantly latch on to news items that captivate the public's attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates...