A Phishing-as-a-Service (PhaaS) platform based in China, known as “Lighthouse,” is the subject of a new Google lawsuit.
Lighthouse enables smishing (SMS phishing) campaigns, and if you’re in the US there is a good chance you’ve seen their texts about a small amount you supposedly owe in toll fees. Here’s an example of a toll-fee scam text:
Read more…
Source: Mawarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Platinum is back
June 5, 2019
In June 2018, we came across an unusual set of samples spreading throughout South and Southeast Asian countries targeting diplomatic, government and military entities. The campaign, which may have started as far back as 2012, featured a multi-stage approach and was dubbed EasternRoppels. The actor behind this campaign, believed to be related to the notorious ...
- MacOS Zero-Day Allows Trusted Apps to Run Malicious Code
June 3, 2019
A researcher has revealed a zero-day flaw in Apple’s Mojave operating system tied to the way the OS verifies apps. The bug allows attackers to sneak past macOS security measures and run whitelisted apps that have been manipulated to run malicious code. macOS researcher Patrick Wardle revealed the flaw Monday, describing the exploitation of the bug ...
- Zebrocy’s Multilanguage Malware Salad
June 3, 2019
Zebrocy is Russian speaking APT that presents a strange set of stripes. To keep things simple, there are three things to know about Zebrocy Zebrocy is an active sub-group of victim profiling and access specialists Zebrocy maintains a lineage back through 2013, sharing malware artefacts and similarities with BlackEnergy The past five years of Zebrocy infrastructure, malware set, ...
- Turla turns PowerShell into a weapon in attacks against EU diplomats
May 30, 2019
A cyberespionage group believed to be from Russia is once again striking political targets, and this time, PowerShell scripts have been weaponized to increase the power of their attacks. Turla, also known as Snake or Uroburos, has been active since at least 2008. The advanced persistent threat (APT) group was previously linked to a backdoor implanted in ...
- New HiddenWasp malware found targeting Linux systems
May 29, 2019
Security researchers have found a new strain of Linux malware that appears to have been created by Chinese hackers and has been used as a means to remotely control infected systems. Named HiddenWasp, this malware is composed of a user-mode rootkit, a trojan, and an initial deployment script. The malware has a similar structure to another recently-discovered ...
- Gatekeeper Bug in MacOS Mojave Allows Malware to Execute
May 28, 2019
Researcher discloses vulnerability in macOS Gatekeeper security feature that allows the execution of malicious code on current version of the OS. Researcher Filippo Cavallarin disclosed a bug in the macOS security feature Gatekeeper that allows malicious code execution on systems running the most recent version of Mojave (10.14.0). MacOS Gatekeeper is an Apple security feature that enforces ...