Group-IB researchers expose a large-scale smishing and phishing operation impersonating 260+ brands across 72 countries, using fake Cloudflare error pages, geofencing, and encrypted WebSocket channels for real-time credit card theft.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- HrServ – Previously unknown web shell used in APT attack
November 22, 2023
In the course of our routine investigation, we discovered a DLL file, identified as hrserv.dll, which is a previously unknown web shell exhibiting sophisticated features such as custom encoding methods for client communication and in-memory execution. Kaspersky analysis of the sample led to the discovery of related variants compiled in 2021, indicating a potential correlation between ...
- Diamond Sleet supply chain compromise distributes a modified CyberLink installer
November 22, 2023
Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp., a software company that develops multimedia software products. This malicious file is a legitimate CyberLink application installer that has been modified to include malicious code that downloads, ...
- Türkiye’s MIT saves Palestinian Iron Dome hacker from Mossad hit
November 22, 2023
Türkiye’s National Intelligence Organization (MIT) saved Omar A. from possible death or abduction in an international operation and offered him protection as the renowned Palestinian hacker was targeted by Mossad in Türkiye and Malaysia. The young man credited with hacking into Israel’s notorious Iron Dome air defense system was sought by Israel for a long time. ...
- FCC wants to improve cyber protections for schools, libraries
November 21, 2023
Ransomware attacks and cybersecurity threats against schools are multiplying and have led to some dramatic consequences. Last year, the Los Angeles Unified School District was hit by a ransomware attack that resulted in hackers posting 500 gigabytes of stolen data online, after the district’s superintendent refused to pay the ransom. The attack compromised about 2,000 student ...
- The Rug Pull: A Million-Dollar Scam With A Fake Token Factory
November 21, 2023
In the dynamic realm of cryptocurrency, recent events have highlighted the ever-present threat of Rug Pulls—deceptive maneuvers that leave investors empty-handed. Threat Intel Blockchain system, developed by Check Point, recently sounded the alarm on a sophisticated scheme that managed to pilfer nearly $1 million. Let’s delve into the details of this elaborate crypto con and understand ...
- How to stop fake System notifications on macOS
November 21, 2023
Scammers are abusing an Apple feature that allows websites to create push notifications that look like they’re coming from macOS, or apps. The notifications try to scare users into clicking a link with fake virus alerts or messages saying their account has been hacked. Years ago Malwarebytes Labs warned our readers about the introduction of browser ...