Cybercrime, LokiBot hides in a “Chinese boxes” campaign
The xlsm attachment downloads a doc file which downloads an executable that starts the malware infection. VelvetSweatshop used to evade anti viruses.
Cybercrime, Bitubit LLC-Aqua Direct s.r.o last Quakbot signed campaign victims
Threat actors exploit the company certificates to sign the attachment to decept the anti virus. Goal: to let the victims download and install QBot malware.
Cybercrime, Egregor gang changes “ransoms” in “contracts”
Ransomware victims become “clients”. The cybersecurity expert MalwareHunterTeam discovers a new press release by the group with rules and threats.
Cybercrime, French Posts lure for a phishing campaign
A mail or a SMS asks users to pay a residual colissimo shipping cost, opening a link. It redirect to a fake La Poste login site. The goal is to steal PII and sensitive data.
Cybercrime, Adwind RAT spreads via fake emails on invoice on SendGrid
The xlsb attachment downloads a powershell which recover a zip document. Inside, there is the malware (aka Java RAT or jRAT).
Cybercrime, Conti ransomware group asks Advantech a huge ransom: 13 mln
The cybersecurity expert Pierluigi Paganini: On November 26, leaking the data stolen begun: an archive of 3.03GB that accounts for 2% of the total amount of stolen data.
Cybercrime, QNodeService campaign via fake DHL invoices
The .jar attachment downloads the malware. This is a Trojan, capable of stealing credentials and loading additional malicious payloads into the victim's PC.
Cybercrime, new PayPal phishing campaign is spreading
It has been discovered by the cybersecurity expert MalwareHunterTeam. The lure is a supposed unusually activity on the victim’s account. The goal: steal PII and sensitive data.
Cybercrime, Dridex goes from fake Amazon Gift Card emails
The link in the messages directs the victim to a url (different for each email) and downloads an SCR, a VBS or a doc, which activate the malware infection.
Cybercrime, Covid-19 and unemployment lures for phishing in United States
The cybersecurity experts found waves of emails that direct victims to fake government sites. The goal is to steal PII and sensitive data.