Cybercrime, Lokibot hides behind a request for confirmation on a wire transfer
The rar email attachment contains an exe: the malware itself. This, if opened, activates the infection chain.
Cybercrime, “Purchase order_2022” conveys the new RemcosRAT campaign
The email contains a rar attachment. Inside there is an exe: the malware itself, which activates the chain of infection.
Cybercrime, USPS bait for a delivery theme phishing campaign
Users are required to compile a form with their PIIs and credit cards details to pay a fake contribution. It’s a scam to steal data and money.
Cybercrime, Purple Fox released by Telegram installer for desktop
The malware is downloaded and activated by one of the two files contained within the executable. Goal: to reduce the chance of being detected and stopped.
Cybercrime, attacks on companies now go through Contact Forms
The bait are complaints with a link to prove them. This points to a site with a compressed file with malware inside or that directly downloads the dll. Attention!
WordPress, Hashthemes Demo Importer has a critical vulnerability
Wordfence cybersecurity experts: The plugin flaw enables any authorized user to entirely wipe a site clean, erasing all of the material and data posted to it.
Cybercrime, Quakbot campaign via real stolen email conversation
The two links in the message download a zip with an xls inside, which contacts three URLs from which the dll is downloaded, starting the malware infection.
The Black Friday could turn out to be much more expensive than expected
Cybersecurity Experts: Cybercrime plans traps on underground forums to steal victim’s money. From fake sites to malware. Beware of too tempting offers!
Cybercrime: triple malware campaign in a single email from Pakistan
Three gz attachments carry SnakeKeylogger, AgentTesla, and a Python executable, which should download another payload. In the first two cases, the stolen data is exfiltrated via SMTP.
Cybercrime, AgentTesla is now delivered via .xll attachments
Files packaged with Excel-DNA from which a dll containing 2 urls pointing to Discord is extracted. These download data files and encode them with XOR creating additional DLLs, which initiate the malware infection.