Cisco Talos Incident Response (Talos IR) has observed the ongoing use of legitimate digital document publishing (DDP) sites for phishing, credential theft and session token theft during recent incident response and threat intelligence engagements. Hosting phishing lures on DDP sites increases the likelihood of a successful phishing attack, since these sites often have a favorable […]
A novel phishing campaign leveraged legitimate Dropbox infrastructure and successfully bypassed multifactor authentication (MFA) protocols, new research from Darktrace has revealed. The attack highlights the growing exploitation of legitimate popular services to trick targets into downloading malware and revealing log in credentials. The findings also show how attackers are becoming adept at evading standard security […]
The malicious packages were disguised as legitimate Python packages, and although they have been removed from PyPI, they were downloaded over 3,000 times, compromising thousands of systems.
More than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing since at least September 2022, under the name SubdoMailing. The emails range from “counterfeit […]
The FBI advises against sending gold or other precious metals to legitimate businesses or U.S. government organizations and provides tips to reduce the risk of falling victim to fraud attempts.
A new malvertising campaign has been observed wherein threat actors are copying a legitimate Windows news portal to distribute malware. This type of website is often visited by software enthusiasts and system administrators to stay updated about computer reviews and download software utilities. What’s happening? Threat actors are leveraging the Windows news portal to promote […]
Oct 17, 2023NewsroomMalware / APT In what’s the latest evolution of threat actors abusing legitimate infrastructure for nefarious ends, new findings show that nation-state hacking groups have entered the fray in leveraging the social platform for targeting critical infrastructure. Discord, in recent years, has become a lucrative target, acting as a fertile ground for hosting […]
Sep 09, 2023THNMalware / Hacking A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. “The attacker uses Advanced Installer to package other legitimate software installers, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp […]
Attackers are targeting 3D modelers and graphic designers with malicious versions of a legitimate Windows installer tool in a cryptocurrency-mining campaign that’s been ongoing since at least November 2021. The campaign abuses Advanced Installer, a tool for creating software packages, to hide malware in legitimate installers for software used by creative professionals — such as […]