Credential Theft
-
Astaroth banking trojan leverages GitHub to restore command-and-control, McAfee says
McAfee Labs reported that the Astaroth banking trojan campaign uses GitHub-hosted images with steganography to update configurations and maintain access after C2 takedowns; the campaign targets Brazil and other Latin American countries and is delivered via DocuSign-themed phishing emails.
-
Researchers say Chinese-speaking group UAT-8099 uses IIS servers for global SEO fraud
Researchers say a Chinese-speaking group dubbed UAT-8099 has been exploiting Microsoft IIS servers to run SEO fraud and steal credentials and certificate data, using web shells, Cobalt Strike and a modified BadIIS backdoor across targets in Asia and the Americas.
-
Phishing campaign impersonates Ukrainian police to deliver data stealer and cryptominer
FortiGuard Labs reported a fileless phishing campaign impersonating Ukraine’s National Police that uses malicious SVG attachments to deliver Amatera Stealer and PureMiner, harvesting credentials and installing a cryptominer on Windows systems.
-
TA558 Deploys AI-Generated Scripts to Deliver Venom RAT, Targeting Hotels in Latin America
Kaspersky links TA558’s latest activity to the RevengeHotels cluster, where attackers use AI-generated scripts to deliver Venom RAT to hotels in Latin America through phishing emails, with goals including stealing guest credit card data and expanding their reach via AI-assisted phishing.
-
Curly COMrades APT Targets Georgia and Moldova, Leveraging Ngen for Persistence, Bitdefender Warns
A new cyber espionage campaign attributed to the Curly COMrades threat actor targets Georgia and Moldova, leveraging a mix of legitimate tools and a bespoke backdoor to establish long-term access and exfiltrate credentials, according to Bitdefender.
-
Cybersecurity Alert: Hackers Target 65 Microsoft Exchange Servers Worldwide
Hackers are increasingly targeting Microsoft Exchange servers to inject credential-harvesting keyloggers, affecting 65 organizations across 26 countries. Positive Technologies reported that these attacks utilize JavaScript vulnerabilities, emphasizing the urgent need for enhanced cybersecurity practices.
-
Businesses Urged to Strengthen Password Policies Amid Ongoing Cybersecurity Risks
Businesses are warned that poor password management practices pose significant threats to online security, with more than a quarter lacking strong password policies. Experts stress the importance of implementing complex password requirements and securing peripheral devices to mitigate risks.
-
AI Presentation Tool Exploited in Phishing Scams, Experts Warn
Research from Abnormal Security reveals that the AI presentation tool Gamma is being exploited in phishing attacks to trick users into revealing their credentials via counterfeit communications.
-
Cybersecurity Alert: Neptune RAT Targets Windows Users via Popular Platforms
Researchers at CYFIRMA announced the discovery of a new version of Neptune RAT, an advanced Remote Access Trojan targeting Windows systems. The malware has been found on platforms like GitHub and YouTube; its capabilities include credential theft, ransomware attacks, and more, raising serious cybersecurity concerns.