New malware targets Apache Tomcat servers, hijacking resources through stealthy payloads & lateral movement. What to watch for to protect your workloads

Hidden malware strikes WordPress mu-plugins. Our latest findings reveal how to safeguard your site against these threats.

Starting in December 2024, leading up to some of the busiest travel days, Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.com and targets organizations in the hospitality industry. The campaign uses a social engineering technique called ClickFix to deliver multiple credential-stealing malware in order to conduct financial fraud and theft. […]

Learn about the fake Google reCAPTCHA campaign infecting machines by tricking unsuspecting users into running malicious Powershell commands.

A new variant of the XCSSET macOS modular malware has emerged in attacks that target users' sensitive information, including digital wallets and data from the legitimate Notes app.

Dive into our investigation of WordPress malware and find out how mu-plugins are used to hide backdoor threats.

A free-to-play game named PirateFi in the Steam store has been distributing the Vidar infostealing malware to unsuspecting users.

Discover BADBOX, a new botnet pre-infecting Android devices—including TVs—via factory malware. Explore supply chain threats from one SSL certificate.

Kaspersky experts discover iOS and Android apps infected with the SparkCat crypto stealer in Google Play and the App Store. It steals crypto wallet data using an OCR model.

DPRK 'Contagious Interview' campaign continues to target Mac users with new variants of FERRET malware and Github devs with repo spam.

Third-party scripts are a key part of the supply chain, giving 3rd party access to sensitive data or allowing malicious actions in the browser of your user. c/side helps you regain control over your website.

Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany.

• The actor has delivered different payloads, including Agent Tesla, Snake Keylogger, and a new undocumented backdoor we are calling TorNet, dropped by PureCrypter malware.
• The actor is running a Windows scheduled task on victim machines—including on endpoints with a low battery—to achieve persistence.
• The actor also disconnects the victim machine from the network before dropping the payload and then connects it back to the network, allowing them to evade detection by cloud antimalware solutions.
• We also found that the actor connects the victim’s machine to the TOR network using the TorNet backdoor for stealthy command and control (C2) communications and detection evasion.

Learn about the key macOS malware families from 2024, including tactics, IoCs, opportunities for detection, and links to further reading.

Cybercriminals use GhostGPT, an uncensored AI chatbot, for malware creation, BEC scams, and more. Learn about the risks and how AI fights back.
#chatbot #creation #cybercriminals #fights #ghostgpt #learn #malware #risks #scams #uncensored

Hackers are distributing close to 1,000 web pages mimicking Reddit and the WeTransfer file sharing service that lead to downloading the Lumma Stealer malware.

In addition to the new backConnect malware developed by Qbot operators, research has emerged tying zloader[4] activity to that of the BlackBasta ransomware operation. It is highly likely this new side loading backConnect malware has been or is going to be utilized to further ransomware attacks.

Since the end of 2024, we have been continuously monitoring large-scale DDoS attacks orchestrated by an IoT botnet exploiting vulnerable IoT devices such as wireless routers and IP cameras.

Third-party scripts are a key part of the supply chain, giving 3rd party access to sensitive data or allowing malicious actions in the browser of your user. c/side helps you regain control over your website.

Executive Summary: Since September, Check Point Research (CPR) has been monitoring a new version of the Banshee macOS Stealer, a malware that steals

• FireScam is an information stealing malware with spyware capabilities.
  It is distributed as a fake ‘Telegram Premium’ APK via a phishing website hosted on the GitHub.io domain, mimicking the RuStore app store.
• The phishing website delivers a dropper that installs the FireScam malware disguised as the Telegram Premium application.
• The malware exfiltrates sensitive data, including notifications, messages, and other app data, to a Firebase Realtime Database endpoint.
• FireScam monitors device activities such as screen state changes, e-commerce transactions, clipboard activity, and user engagement to gather valuable information covertly.
• Captures notifications across various apps, including system apps, to potentially steal sensitive information and track user activities.
• It employs obfuscation techniques to hide its intent and evade detection by security tools and researchers.
• FireScam performs checks to identify if it is running in an analysis or virtualized environment.
• The malware leverages Firebase for command-and-control communication, data storage, and to deliver additional malicious payloads.
• Exfiltrated data is temporarily stored in the Firebase Realtime Database, filtered for valuable content, and later removed.
• The Firebase database reveals potential Telegram IDs linked to the threat actors and contains URLs to other malware specimens hosted on the phishing site.
• By exploiting the popularity of messaging apps and other widely used applications, FireScam poses a significant threat to individuals and organizations worldwide.