Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks

Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send messages through multiple software-as-a-service SaaS providers using valid credentials for the service...

SMS Phishing Attacks are on the Rise

SMS phishing attacks -- annoyingly called "smishing" -- are becoming more common. I know that I have been receiving a lot of phishing SMS messages over the past few months. I am not getting the "Fedex package delivered" messages the article talks about. Mine are usually of the form: "Thank you fo...

Scammers Pose as Meal-Kit Services to Steal Customer Data

Attackers are piggybacking off the booming market for meal-kit delivery services since the pandemic, and sending SMS phishing messages doctored up to look like they’re legitimate correspondence from popular brand names — including HelloFresh and Gousto. This is just another example of why the wor...

A week in security (September 30 – October 6)

Last week on Malwarebytes Labs, Malwarebytes renewed its pledge to fight stalkerware for National Cybersecurity Awareness NCSA and Domestic Violence Awareness Month. We also looked into what security orchestration is and reported about partnering with security firm, HYAS, to determine the...

Mobile Menace Monday: SMS phishing attacks target the job market

Recently, a co-worker received an enticing SMS message from ASPXPPZUPS Human Resources. It read: Tired of your old job? Join our team today, work from home and earn $6,200 per month: hire-me-zvcbrvpffy.hidden.com. Could it be that our dream job awaits via random text message? On the contrary, thi...

GM Bot Banking Malware Source Code Leak

Source code for the potent Android malware GM Bot has been leaked to underground forums, according to IBM security experts. The impact, IBM X-Force threat intelligence says, will be an uptick in GM Bot variants and the number of attacks targeting financial applications on Android-based devices...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Bulb Security Smartphone Pentest Framework SPF 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct 1 shell metacharacter or 2 SQL injection attacks or 3 send an SMS message...

Most Sophisticated Android malware ever detected

A new piece of sophisticated Android malware has been discovered by security researchers at Kaspersky Labs. Dubbed as Backdoor.AndroidOS.Obad.a, it is the most sophisticated piece of Android malware ever seen. It exploits multiple vulnerabilities, blocks uninstall attempts, attempts to gain root...

Simplest Phones Open to 'SMS of Death' !

It's a scene from an as-yet-unmade thriller: Across a country, tens of thousands of cellphones all blink white at the same, and turn themselves off. Calls are lost, phones are rendered useless, and the affected mobile operator is forced to pay a ransom or lose customers. It hasn't happened yet. B...