Positive Technologies detects a series of attacks via Microsoft Exchange Server

While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers. This keylogger was collecting account credentials Read More …

Android Remote Access Trojan Equipped to Harvest Credentials

The SonicWall Capture Labs threat research team has been regularly sharing information about malware targeting Android devices. The researchers encountered similar RAT samples before, but this one includes extra commands and phishing attacks designed to harvest credentials. This malware uses Read More …

TicTacToe Dropper

While analyzing malware samples collected from several victims, the FortiGuard team identified a grouping of malware droppers used to deliver various final-stage payloads throughout 2023. Malware droppers are malicious software designed to deliver and execute additional malware on a victim Read More …

Deceptive Cracked Software Spreads Lumma Variant on YouTube

FortiGuard Labs recently discovered a threat group using YouTube channels to distribute a Lumma Stealer variant. We found and reported on a similar attack method via YouTube in March 2023. These YouTube videos typically feature content related to cracked applications, Read More …

Okta breach happened after employee logged into personal Google account

Okta has revealed details about a recent breach which exposed files belonging to customers. As Malwarebytes explained in their article about 1Password being a victim of this breach, it’s normal for Okta support to ask customers to upload a file Read More …

More than 100,000 hackers have details exposed through malware on cyber crime forums

Researchers have revealed that more than 100,000 hackers could be operating on compromised devices due to their involvement on cyber crime forums. A study from Hudson Rock identified around 120,000 devices infected with malware that contained login credentials for cyber Read More …

NodeStealer 2.0 – The Python Version: Stealing Facebook Business Accounts

Unit 42 researchers have recently discovered a previously unreported phishing campaign that distributed an infostealer equipped to fully take over Facebook business accounts. Facebook business accounts were targeted with a phishing lure offering tools such as spreadsheet templates for business. Read More …

Uncovering an Iranian mobile malware campaign

During a recent proactive hunt for malicious mobile malware, Sophos X-Ops researchers from SophosLabs discovered a group of four credential-harvesting apps targeting customers of several Iranian banks. Most of the apps are signed using the same – possibly stolen – Read More …

Hibernating Qakbot: A Comprehensive Study and In-depth Campaign Analysis

In the ever-evolving landscape of cyber threats, banking trojans continue to pose a significant risk to organizations worldwide. Among them, Qakbot, also known as QBot or Pinkslipbot, stands out as a highly sophisticated and persistent malware active since 2007, targeting Read More …

Legion: New hacktool steals credentials from misconfigured sites

A new Python-based credential harvester and SMTP hijacking tool named ‘Legion’ is being sold on Telegram that targets online email services for phishing and spam attacks. Legion is sold by cybercriminals who use the “Forza Tools” moniker and operate a Read More …