Group-IB researchers expose a large-scale smishing and phishing operation impersonating 260+ brands across 72 countries, using fake Cloudflare error pages, geofencing, and encrypted WebSocket channels for real-time credit card theft.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- #StopRansomware: RansomHub Ransomware
August 29, 2024
The Federal Bureau of Investigation (FBI) and partners are releasing this joint advisory to disseminate known RansomHub ransomware IOCs and TTPs. These have been identified through FBI threat response activities and third-party reporting as recently as August 2024. RansomHub is a ransomware-as-a-service variant—formerly known as Cyclops and Knight—that has established itself as an efficient and successful ...
- Fake Canva home page leads to browser lock
August 29, 2024
In a previous blog post, Malwarebytes researchers showed how fraudsters were leveraging features from the very company (Microsoft) they were impersonating. Malwarebytes Labs continue this series with another clever trick abusing Canva, a popular online tool for graphic design. This time, the scammers registered an account on Canva to create a new design that, is in ...
- Preparing for Unknown Risks: How to Better Prepare for Risks You Can’t See Yet
August 29, 2024
As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it’s impossible to always know what’s around the corner. It’s not just about external threats and the big breaches splashed across the news headlines. On one hand, we’re combating threat actors attempting to steal information, money or simply trying to cause havoc. ...
- State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
August 29, 2024
Google’s Threat Analysis Group (TAG) observed multiple in-the-wild exploit campaigns, between November 2023 and July 2024, delivered from a watering hole attack on Mongolian government websites. The campaigns first delivered an iOS WebKit exploit affecting iOS versions older than 16.6.1 and then later, a Chrome exploit chain against Android users running versions from m121 to m123. ...
- Spain’s Alcampo Acts Quickly To Mitigate Impact Of Cyber Attack
August 29, 2024
Spanish retailer Alcampo has reportedly suffered a cyber attack, however the group told local media that it acted quickly to mitigate its effects. The retailer experienced the cyber attack between Sunday 25 August and Monday 26 August, according to media reports, and upon discovery of the incident, engaged data protection experts to implement the necessary technical, ...
- Deep Analysis of Snake Keylogger’s New Variant
August 28, 2024
Fortinet’s FortiGuard Labs recently caught a phishing campaign in the wild with a malicious Excel document attached to the phishing email. Fortinet researchers performed a deep analysis on the campaign and discovered that it delivers a new variant of Snake Keylogger. Snake Keylogger (aka “404 Keylogger” or “KrakenKeylogger”) is a subscription-based keylogger with many capabilities. It ...