Apr 27, 2024NewsroomMalware / Software Security An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors. “During these fraudulent […]
Apr 25, 2024NewsroomVulnerability / Zero-Day A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributing it as the handiwork of a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka […]
Today, we are looking at a malicious ad campaign targeting Facebook users via Google search. It is well-known that tech support scammers attract new victims by buying ads for certain keywords related to their audience. What is perhaps less known is how it is even possible to impersonate top brands and get away with it. […]
Apr 24, 2024NewsroomMalware / Endpoint Security Cybersecurity researchers have discovered an ongoing attack campaign that’s leveraging phishing emails to deliver malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software. “SSLoad is designed to stealthily infiltrate systems, gather sensitive information and transmit […]
South Korean police have revealed a major hacking campaign which saw defense secrets stolen by hackers from the north over the period of a year. A report from the Korean National Police Agency (KNPA) published yesterday blamed the campaign on three North Korean state-backed groups: Lazarus, Kimsuky and Andariel. Local reports claimed they targeted as […]
Apr 24, 2024NewsroomMalware / Data Security A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains since at least February 2024. Cisco Talos has attributed the activity with moderate confidence to a threat actor tracked as CoralRaider, a suspected […]
Key Points Avast discovered and analyzed a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers Avast disclosed the vulnerability to both eScan antivirus and India CERT. On 2023-07-31, eScan confirmed that the issue was fixed and successfully resolved The campaign was orchestrated by a threat actor with possible ties to […]
A phishing campaign exploiting a bug in Nespresso’s website has been able to evade detection by taking advantage of security tools that fail to look for malicious nested or hidden links. The campaign starts with a phishing email that appears to have been sent from an employee with Bank of America, with a message to […]
Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The most interesting thing about that malware was how it used dynamic DNS TXT records of the tracker-cloud[.]com domain to obtain redirect URLs. Typical notification scam destination for the redirects We’ve […]