A new variant of Snake Keylogger has been detected launching over 280 million attacks, targeting credentials and data. The resurgence primarily impacts users in China, Turkey, Indonesia, Taiwan, and Spain, infiltrating systems through phishing emails. The keylogger steals credentials from browsers like Chrome and exfiltrates data via Telegram Bots.
Observed DNS queries and domains associated with the campaign include cleararhorizon.cyou, lightojourney.top, brhightfusion.top, and support.fortineat.com, indicating that broad infrastructure is used in the attacks.
A malware campaign is distributing Lumma Stealer via weaponized PDF documents, targeting educational institutions. The attack uses malicious LNK files disguised as PDFs, delivered through compromised school infrastructure, to steal sensitive data. Educational institutions must enhance their cybersecurity to protect student and staff information. Employ robust anti-malware solutions and user awareness training.
Italian spyware vendor SIO has been caught distributing malicious Android applications that masquerade as popular apps like WhatsApp. Dubbed “Spyrtacus”, the spyware steals victims’ phone data and targets users in Italy. SIO claims to sell its products to government customers, law enforcement agencies, police, and intelligence agencies. The identity of the victims remains unknown.
Reports emerged of a massive data breach at OpenAI, claiming 20 million compromised accounts. However, investigations revealed that the credentials weren’t obtained through a direct breach of OpenAI systems but rather originated from infostealer malware campaigns. This highlights the importance of strong password security for individuals and the risks of relying solely on individual security practices. The attackers used infostealer malware that gathered login credentials from multiple sources.
A zero-day exploit was discovered in the OAuth implementation for Google Chrome extensions. This vulnerability allowed malicious actors to insert malicious code into Chrome extensions via a phishing campaign. The security flaw was identified by SquareX researchers just days before a widespread attack, highlighting the critical need for improved browser security and proactive detection methods for zero-day vulnerabilities. This incident led to the hijacking of multiple Chrome extensions, compromising user security.
A fake BMI calculator app, ‘BMI CalculationVsn,’ on the Amazon Appstore was stealing user data. The app was removed from the store following a report by McAfee. Users who installed the app should manually uninstall it.
Microsoft’s new AI feature ‘Recall’ for Copilot+ PCs stores screenshots of sensitive data, including credit cards and social security numbers, even when a ‘sensitive information’ filter is enabled, which has raised serious privacy and security concerns among users. The feature takes continuous screenshots of everything a user does. The data is stored locally but sent off to Microsoft’s LLM for analysis. This has prompted an investigation by the UK Information Commissioner’s Office. The incident highlights the potential risks of AI-powered surveillance features and the importance of user privacy.