Competition between stealers for macOS is heating up, with a new malvertising campaign luring Mac users via a fraudulent advert for Microsoft Teams.
This attack comes on the heels of the new Poseidon (OSX.RodStealer) project, another threat using a similar code base and delivery techniques. Based on our tracking, Microsoft Teams is once again a popular keyword threat actors are bidding on, and it is the first time we have seen it used by Atomic Stealer. Communication tools like Zoom, Webex or Slack have been historically coveted by criminals who package them as fake installers laced with malware.
Read more…
Source: Malwarebytes Labs
Related:
- Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
May 31, 2025
A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names. The leaks include thousands of chat logs, personal videos, and ransom negotiations tied to some of the most notorious cyber-extortion gangs —believed to have raked in billions from companies, hospitals, ...
- Eight things we learned from WhatsApp vs. NSO Group spyware lawsuit
May 30, 2025
On May 6, WhatsApp scored a major victory against NSO Group when a jury ordered the infamous spyware maker to pay more than $167 million in damages to the Meta-owned company. The ruling concluded a legal battle spanning more than five years, which started in October 2019 when WhatsApp accused NSO Group of hacking more than ...
- Melbourne-based financial services and advice firm hit with cyber attack
May 30, 2025
Financial services aggregate 3P Corporation has denied its data was breached in an April attack; however, hackers have published more than 200 gigabytes of internal documents and customer data online. The Space Bears ransomware gang listed Victorian financial services firm 3P Corporation as a victim on its darknet leak site in early April, and has since ...
- Exploits and vulnerabilities in Q1 2025
May 30, 2025
The first quarter of 2025, like previous ones, demonstrates a significant number of newly documented vulnerabilities. The trend largely mirrors previous years, so we will focus on new data that can be collected for the most popular platforms. This report examines the characteristics of vulnerabilities in the Linux operating system and Microsoft software, specifically the Windows ...
- Santesoft Releases Security Update for Sante DICOM Viewer Pro
May 30, 2025
The US Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) Medical Advisory for a vulnerability in Santesoft Sante DICOM Viewer Pro. Sante DICOM Viewer Pro is an application for viewing, processing, and editing DICOM-format medical images. CVE-2025-5307 has a CVSSv4 score of 8.4 and is an ‘out-of-bounds read’ vulnerability, which means ...
- Deep Dive into a Dumped Malware without a PE Header
May 29, 2025
This analysis is part of an incident investigation led by the FortiGuard Incident Response Team. Fortiguard Incident Response Team discovered malware that had been running on a compromised machine for several weeks. The threat actor had executed a batch of scripts and PowerShell to run the malware in a Windows process. Although obtaining the original malware ...