A new cryptojacking operation has been found targeting lesser-known AWS offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to secretly mine cryptocurrency. Named AMBERSQUID, the campaign manages to exploit these cloud services without triggering AWS’s usual resource approval process. The services are referred to as uncommon since they are overlooked from a security […]
Key Takeaways Proofpoint has observed an increase in activity from specific malware families targeting Chinese-language speakers. Campaigns include Chinese-language lures and malware typically associated with Chinese cybercrime activity. Newly observed ValleyRAT is emerging as a new malware among Chinese-themed cybercrime activity, while Sainbox RAT and related variants are recently active as well. The increase in […]
Sep 15, 2023THNOnline Security / Malware An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims’ credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities. “The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by […]
A new malvertising campaign is targeting corporate users who are downloading the popular web conferencing software Webex. Threat actors have bought an advert that impersonates Cisco’s brand and is displayed first when performing a Google search. We are releasing this blog to warn users about this threat as the malicious ad has been online for almost […]
A new information-stealing malware named MetaStealer has appeared in the wild, targeting macOS systems. This malicious software is built using the Go programming language and can steal a variety of sensitive data from victims. Distribution process According to SentinelOne researchers, many samples of the malware are targeting macOS business users through social engineering tactics, where […]
In addition to targeting researchers with 0-day exploits, the threat actors also developed a standalone Windows tool that has the stated goal of ‘download debugging symbols from Microsoft, Google, Mozilla and Citrix symbol servers for reverse engineers.’ The source code for this tool was first published on GitHub on September 30, 2022, with several updates […]
Attackers are targeting 3D modelers and graphic designers with malicious versions of a legitimate Windows installer tool in a cryptocurrency-mining campaign that’s been ongoing since at least November 2021. The campaign abuses Advanced Installer, a tool for creating software packages, to hide malware in legitimate installers for software used by creative professionals — such as […]
Summary Malicious ads for Google searches are targeting Mac users Phishing sites trick victims into downloading what they believe is the app they want The malware is bundled in an ad-hoc signed app so it cannot be revoked by Apple The payload is a new version of the recent Atomic Stealer for OSX Introduction The majority […]