CyberSecurity news
FlagThis - #datatheft
|
@PCWorld
//
A new variant of the Snake Keylogger malware is actively targeting Windows users, with over 280 million infection attempts detected globally. Cybersecurity researchers have identified this version, also known as the 404 Keylogger, as AutoIt/Injector.GTY!tr. The primary targets include users in China, Turkey, Indonesia, Taiwan, and Spain, where the malware spreads through phishing emails containing malicious attachments or links. The keylogger steals credentials from popular web browsers like Chrome, Edge, and Firefox by logging keystrokes, capturing screenshots, and monitoring the clipboard.
The stolen data, including sensitive information and credentials, is then exfiltrated to its command-and-control (C2) server through various methods, including SMTP email and Telegram bots. The malware utilizes AutoIt, a scripting language frequently used for Windows automation, to deliver and execute its malicious payload. By using AutoIt, the malware can create standalone executables that may bypass standard antivirus solutions. Once executed, the keylogger copies itself to the %Local_AppData%\supergroup folder, names itself ageless[.]exe, and sets its attributes to hidden and creates “ageless.vbs” in the %Startup% folder. Recommended read:
References :
@techcrunch.com
//
Italian spyware maker SIO is distributing malicious Android applications that masquerade as popular apps like WhatsApp. According to an exclusive report by TechCrunch, the spyware, dubbed "Spyrtacus," is designed to steal private data from a target's device. Researchers have linked this spyware campaign to SIO, a company that claims to partner with law enforcement agencies, government organizations, police, and intelligence agencies, including the Italian government.
The spyware campaign involves distributing malicious Android apps disguised as popular applications and cellphone provider tools. Security researchers at Lookout identified the spyware as "Spyrtacus" after finding the term in the code of an older malware sample. Spyrtacus possesses capabilities typical of government spyware, including the ability to steal text messages, chats from various messaging platforms, exfiltrate contacts, and record phone calls and ambient audio. At this time, the identities of the spyware targets and victims remain unknown. Recommended read:
References :
@cyberinsider.com
//
Reports have surfaced regarding a potential data breach at OpenAI, with claims suggesting that 20 million user accounts may have been compromised. The cybercriminal known as "emirking" claimed to have stolen the login credentials and put them up for sale on a dark web forum, even sharing samples of the supposed stolen data. Early investigations indicate that the compromised credentials did not originate from a direct breach of OpenAI's systems.
Instead, cybersecurity researchers believe the credentials were harvested through infostealer malware, which collects login information from various sources on infected devices. Security experts suggest that the extensive credential theft may have been achieved by exploiting vulnerabilities or securing admin credentials. OpenAI is currently investigating the incident. Users are urged to change their passwords and enable multi-factor authentication. Recommended read:
References :
@securityonline.info
//
A new malware campaign is underway, distributing the Lumma Stealer information stealer via weaponized PDF documents. This campaign specifically targets educational institutions, exploiting compromised infrastructure to deliver malicious LNK files disguised as legitimate PDFs. These files, when executed, initiate a multi-stage infection process designed to steal sensitive data, including passwords, browser information, and cryptocurrency wallet details.
The attackers lure users into downloading these malicious files by disguising them as innocuous documents, such as school fee structures. Once executed, the LNK files trigger PowerShell commands that download and run obfuscated JavaScript code, ultimately deploying the Lumma Stealer payload. The malware employs advanced evasion techniques, including obfuscated JavaScript and encrypted payloads, to avoid detection. This campaign highlights the urgent need for robust cybersecurity measures within educational institutions and other sectors. Lumma Stealer targets various industries beyond education, including finance, healthcare, technology, and media. The use of compromised educational infrastructure as a distribution channel underscores the vulnerabilities in organizational cybersecurity frameworks. Recommended read:
References :
|