AI Browsers Can Be Tricked Into Paying Fake Stores in PromptFix Attack
The PromptFix attack tricks AI browsers with fake CAPTCHAs, leading them to phishing sites and fake stores where…
Hackers deploy DripDropper via Apache ActiveMQ flaw, patch systems to evade detection
Hackers exploit Apache ActiveMQ flaw to install DripDropper on Linux, then patch it to block rivals and hide their tracks. Red Canary researchers observed attackers exploit a 2-year-old Apache ActiveMQ vulnerability, tracked as CVE-2023-46604 (CVSS score of 10.0), to gain persistence on cloud Linux systems and deploy DripDropper malware. Uniquely, they patch the flaw post-exploit […]
Paper Werewolf Exploits WinRAR Zero-Day Vulnerability to Deliver Malware
Cyber spies associated with the threat actor group Paper Werewolf have demonstrated advanced capabilities in bypassing email security filters by delivering malware through seemingly legitimate archive files, a tactic that exploits the commonality of su…
New SHAMOS Malware Targets macOS Through Fake Help Sites to Steal Login Credentials
Cybersecurity researchers at CrowdStrike identified and thwarted a sophisticated malware campaign deploying SHAMOS, an advanced variant of the Atomic macOS Stealer (AMOS) malware, orchestrated by the cybercriminal group COOKIE SPIDER. Operating under a…
UNC5518 Group Hacks Legitimate Sites with Fake Captcha to Deliver Malware
The financially motivated threat group UNC5518 has been infiltrating trustworthy websites to install ClickFix lures, which are misleading phony CAPTCHA pages, as part of a complex cyber campaign that has been monitored since June 2024. These malicious …
RingReaper Malware Targets Linux Servers, Stealthily Evading EDR Solutions
A new malware campaign dubbed RingReaper has emerged, targeting servers with advanced post-exploitation capabilities that exploit the kernel’s io_uring asynchronous I/O interface to bypass Endpoint Detection and Response (EDR) systems. This sophi…
QuirkyLoader: A New Malware Loader Spreading Infostealers and Remote Access Trojans (RATs)
IBM X-Force has tracked QuirkyLoader, a sophisticated loader malware deployed by threat actors to distribute prominent families such as Agent Tesla, AsyncRAT, FormBook, MassLogger, Remcos, Rhadamanthys, and Snake Keylogger. This multi-stage threat init…
DOJ takes action against 22-year-old running RapperBot Botnet
DOJ charges 22-year-old Ethan Foltz of Oregon for running RapperBot, a DDoS botnet behind 370K+ attacks in 80+ countries since 2021. The U.S. DOJ charged 22-year-old Ethan Foltz of Oregon for running the RapperBot botnet, used in over 370,000 DDoS-for-hire attacks since 2021. The criminal service is active in over 80 countries, RapperBot enabled large-scale […]
Fake Antivirus App Spreads Android Malware to Spy on Russian Users
Doctor Web warns of Android.Backdoor.916.origin, a fake antivirus app that spies on Russian users by stealing data, streaming…
New DripDropper Malware Exploits Linux Flaw Then Patches It Lock Rivals Out
A new report from Red Canary reveals a clever Linux malware called DripDropper that exploits a flaw and…