info@thehackernews.com (The@The Hacker News
//
A new Android malware campaign, potentially linked to previous attacks targeting Indian military personnel, has been identified focusing on users in Taiwan. The malware, known as PJobRAT, is an Android Remote Access Trojan (RAT) that steals sensitive data. It operates by disguising itself as legitimate chat applications, tricking users into installation. Once installed, PJobRAT can extract SMS messages, phone contacts, device information, documents, and media files from infected devices, enabling deep surveillance and remote control.
Researchers at Sophos X-Ops uncovered this recent campaign, observing activity from January 2023 to October 2024. The malicious chat apps, named SangaalLite and CChat, were distributed through compromised WordPress sites. While this particular campaign may be paused, it illustrates that threat actors often retool and retarget after an initial campaign, improving their malware and adjusting their approach before striking again. Users are advised to avoid installing apps from untrusted sources and employ mobile security solutions for protection. References :
Classification:
@ciso2ciso.com
//
Cybercriminals are increasingly leveraging Scalable Vector Graphics (SVG) files in phishing attacks to circumvent traditional email security measures. Sophos researchers have uncovered this rising threat, noting that attackers use SVG files to distribute malicious links leading to credential theft. These SVG files, commonly used for vector-based images, can contain hyperlinks and scripts within their text-based XML instructions, enabling attackers to embed malicious content directly within the graphics file.
Attackers often employ social engineering tactics in phishing emails, impersonating well-known brands like DocuSign, Microsoft SharePoint, Dropbox, and Google Voice to trick recipients into opening the malicious SVG attachments. When a user clicks the embedded link, they are redirected to a credential-harvesting site disguised as a legitimate login portal. Sophos has observed increasingly sophisticated SVG phishing attacks, including the use of Cloudflare CAPTCHA gates, credential pre-filling, live phishing templates, and JavaScript auto-redirects to further evade detection. References :
Classification:
|