CyberSecurity news
FlagThis - #infostealer
|
@www.huntress.com
//
The North Korea-aligned threat actor known as BlueNoroff, also tracked as TA444, Sapphire Sleet, COPERNICIUM, STARDUST CHOLLIMA, or CageyChameleon, has been observed targeting an employee in the Web3 sector with deceptive tactics. According to research shared by Huntress, these tactics include the use of deepfake Zoom calls featuring synthetic personas of company executives to trick victims into installing malware on their Apple macOS devices. This sophisticated social engineering campaign highlights the evolving techniques employed by threat actors to compromise systems and gain access to sensitive information.
Huntress researchers Alden Schmidt, Stuart Ashenbrenner, and Jonathan Semon provided detailed analysis of a recent BlueNoroff intrusion targeting a cryptocurrency foundation employee. The employee was initially contacted via Telegram and enticed to schedule a meeting through a Calendly link. This link redirected the user to a fake Zoom domain controlled by the attackers. During the deepfake Zoom meeting, the employee was prompted to download a malicious Zoom extension, delivered via Telegram, under the guise of a microphone issue fix. This extension, named "zoom_sdk_support.scpt," initiated the malware installation process. The AppleScript downloaded a payload from a malicious website, disabling bash history logging and checking for Rosetta 2 installation on the compromised Mac. It then proceeded to create a hidden file and download binaries to the "/tmp/icloud_helper" directory, prompting the user for their system password and wiping the history of executed commands to cover their tracks. This intrusion led to the discovery of eight distinct malicious binaries on the victim host, including Telegram 2, Root Troy V4, and InjectWithDyld. The Field Effect Analysis team has also been investigating similar activity related to BlueNoroff.
Share:
References :
Classification:
Dissent@DataBreaches.Net
//
A massive collection of 16 billion login credentials has been discovered, representing one of the largest data thefts in history. Cybernews reports that the exposed data likely originates from various infostealers, malicious software designed to gather sensitive information from infected devices. Researchers have uncovered 30 exposed data sets containing millions to over 3.5 billion records each, totaling the astounding 16 billion credentials. These datasets include logins for major platforms like Apple, Google, Facebook, and Telegram, raising significant concerns about widespread account compromise.
Researchers noted that these datasets were not simply recycled from old data leaks but represent new, potentially "weaponized" information. The exposed data contains a mix of details from stealer malware, credential stuffing sets, and repackaged leaks. While it was not possible to compare data between the different sets effectively, the sheer volume and the platforms targeted highlight the severity of the situation. The data sets were only exposed for a short period and it remains unknown who controlled the large amount of data. The exposure of these 16 billion credentials poses a significant risk of account takeovers, identity theft, and targeted phishing attacks. Cybercriminals now have access to an unprecedented volume of personal data. Users are advised to take immediate action to protect their accounts, including enabling multi-factor authentication and using strong, unique passwords for all online services. News sources indicate that this is not a new data breach but is rather a compilation of previously leaked credentials.
Share:
References :
Classification:
@cyberscoop.com
//
INTERPOL has announced the successful culmination of Operation Secure, a global initiative targeting the infrastructure of information-stealing malware. The operation, which spanned from January to April 2025, involved law enforcement agencies from 26 countries who worked collaboratively to locate servers, map physical networks, and execute targeted takedowns. This coordinated effort resulted in the dismantling of more than 20,000 malicious IP addresses and domains associated with 69 different variants of infostealer malware, significantly disrupting cybercriminal activities worldwide.
Operation Secure also led to the seizure of 41 servers and over 100 GB of data, providing valuable insights into the operations of cybercriminals. A total of 32 suspects were arrested across multiple countries in connection with illegal cyber activities, demonstrating the effectiveness of international cooperation in combating cybercrime. Eighteen arrests occurred in Vietnam, where authorities confiscated devices, SIM cards, business registration documents, and a substantial sum of cash, revealing a scheme to open and sell corporate accounts for illicit purposes. The operation was further bolstered by the contributions of private sector cybersecurity firms, including Group-IB, Kaspersky, and Trend Micro, who provided critical intelligence and Cyber Activity Reports to assist cyber teams. This collaboration resulted in the takedown of 79% of identified suspicious IP addresses. Hong Kong police played a key role by analyzing over 1,700 pieces of intelligence and identifying 117 command-and-control servers used by cybercriminals to orchestrate phishing schemes, online fraud, and social media scams.
Share:
References :
Classification:
|