Short-form video platforms like TikTok and Instagram Reels have become the latest way cybercriminals spread malware.
We’ve already seen attackers move away from traditional phishing emails and toward tactics that trick people into installing malware themselves. Now they’re being lured with slick social media videos that promise free Spotify Premium, free Windows activation, or free Microsoft Office, but instead leave people with infostealers on their Windows devices.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
May 29, 2025
Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). GTIG researchers divided the reviewed vulnerabilities into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and ...
- UK: NHS patient data at risk in major cyber attack
May 28, 2025
A newly uncovered cyber attack has exposed sensitive information at two major NHS trusts, raising fears that patient records could be at risk. University College London hospitals, NHS Foundation Trust, and University Hospital Southampton, NHS Foundation Trust were among the victims identified in a widespread cyber breach. analysed by cybersecurity firm EclecticIQ. The company have said ...
- Victoria’s Secret pulls down website amid security incident
May 28, 2025
Clothing and lingerie retailer Victoria’s Secret suspended most of the functionality of its website and some in-store services to “address a security incident,” according to a statement posted to the company’s website on Wednesday. “We identified and are taking steps to address a security incident,” a Victoria’s Secret spokesperson told Reuters in an email on Wednesday. ...
- Zanubis in motion: Tracing the active evolution of the Android banking malware
May 28, 2025
Zanubis is a banking Trojan for Android that emerged in mid-2022. Since its inception, it has targeted banks and financial entities in Peru, before expanding its objectives to virtual cards and crypto wallets. The main infection vector of Zanubis is impersonating legitimate Peruvian Android applications and then misleading the user into enabling the accessibility permissions. Once ...
- Earth Lamia Develops Custom Arsenal to Target Multiple Industries
May 27, 2025
Trend Micro researchers have been tracking an active intrusion set that primarily targets organizations located in countries including Brazil, India, and Southeast Asia since 2023. The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations. The actor also takes advantage of various known vulnerabilities to ...
- Statement of solidarity by the North Atlantic Council concerning the malicious cyber activities against the Czech Republic
May 27, 2025
“We stand in solidarity with the Czech Republic following the malicious cyber campaign against its Ministry of Foreign Affairs. We recognise that the Government of the Czech Republic has attributed the responsibility to the People’s Republic of China, specifically APT31, which is associated with the Ministry of State Security. This campaign targeted a Czech MFA unclassified ...