Fake TikTok and WhatsApp Apps Infect Android Devices with ClayRat Spyware https://hackread.com/fake-tiktok-whatsapp-apps-android-clayrat-spyware/ #Cybersecurity #GooglePhotos #PlayStore #Zimperium #Security #WhatsApp #Android #Malware #ClayRat #Privacy #Spyware #youtube #Google #Russia #TikTok #Fraud #zLabs #Scam

Your Shipment Notification is Now a Malware Dropper https://hackread.com/your-shipment-notification-malware-dropper/ #Cybersecurity #CyberAttack #Forcepoint #Security #security #Malware #RAT

New Chaos-C++ Ransomware Targets Windows by Wiping Data, Stealing Crypto https://hackread.com/chaos-c-ransomware-windows-data-crypto/ #ChaosRansomware #Cybersecurity #CyberAttacks #CyberAttack #CyberCrime #Ransomware #Security #ChaosC++ #Malware #Windows #Crypto

Fake Teams Installers Dropping Oyster Backdoor (aka Broomstick) https://hackread.com/fake-teams-installers-oyster-backdoor-broomstick/ #MicrosoftTeams #Cybersecurity #Blackpoint #Microsoft #Security #Malware #Oyster

ClickFix, immer wieder ClickFix, weil es schön einfach ist?

Es gibt ein neuartiges Phishing‑Toolkit, IUAM ClickFix Generator, das die Erstellung von „ClickFix“-Angriffsseiten automatisiert und Bedrohungsakteuren mit wenig technischem Know‑how ermöglicht, ausgeklügelte Social‑Engineering‑Techniken einzusetzen. Das Tool bündelt alle erforderlichen Konfigurationsoptionen – Seitentitel, Domain, Verifizierungsaufforderungen und Anweisungen für die Zwischenablage – in einer webbasierten Oberfläche.
Das Ergebnis ist eine schlüsselfertige Lösung zur Erstellung bösartiger Seiten, die sich als legitime Browser‑Verifizierungs‑Challenges ausgeben und Opfer dazu verleiten, Befehle auszuführen, die Malware installieren.
Die Wirksamkeit der ClickFix‑Technik beruht darauf, den Instinkt der User:innen auszunutzen, Bildschirmanweisungen eines scheinbar vertrauenswürdigen Sicherheitsanbieters zu folgen. Danach gibt es dann miese Payload. Betroffen sind Nutzende von Windows und macOS.

Die Alarmglocken sollten schrillen, wenn dazu aufgefordert wird, Befehle manuell zu kopieren und auszuführen, um zu beweisen, dass die Nutzenden menschlichen Ursprungs sind. Finger weg!

Hintergründe von unit42.paloaltonetworks:

https://unit42.paloaltonetworks.com/clickfix-generator-first-of-its-kind/

NEW: Watch out as new #ClayRat spyware is being distributed in fake Google Photos, YouTube, TikTok and WhatsApp Android apps, stealing SMS, call logs and photos, then spreading via contact SMS links.

Read more: https://hackread.com/fake-tiktok-whatsapp-apps-android-clayrat-spyware/

Your “shipment notification” email might be a malware dropper as hackers are hiding malicious JavaScript in business-style messages to drop malware onto your system.

https://hackread.com/your-shipment-notification-malware-dropper/

Io non ho mai usato l'antivirus...
lo non ho mai preso un virus …
Perché il mio sistema operativo è superiore!

#MicrosoftOutlook: Zur Sicherheit keine #SVG-Anzeige mehr | heise online https://www.heise.de/news/Microsoft-Outlook-Zur-Sicherheit-keine-SVG-Anzeige-mehr-10729201.html #Malware #XSS #CrossSiteScripting

From companies to everyday users, watch out as fake #MicrosoftTeams installers are spreading the Oyster Backdoor (aka Broomstick) through malicious ads and poisoned search results.

Read: https://hackread.com/fake-teams-installers-oyster-backdoor-broomstick/

Polymorphic Python Malware That Mutates Every Time It Runs https://gbhackers.com/polymorphic-python-malware/ #CyberSecurityNews #cybersecurity #Malware #Python

APT Hackers Abuse ChatGPT to Develop Advanced Malware and Phishing Campaigns https://gbhackers.com/apt-hackers-abuse-chatgpt-to-develop-advanced-malware/ #CyberSecurityNews #cybersecurity #Vulnerability #ChatGPT #Malware

#Jaguar #LandRover nimmt Produktion wieder auf | heise online https://www.heise.de/news/Jaguar-Land-Rover-nimmt-Produktion-wieder-auf-10733932.html #JaguarLandRover #Ransomware #Malware #CyberCrime

2025-10-08 (Wednesday): #Kongtuke campaign fake CAPTCHA page with #ClickFix instructions.

I got a full infection chain this time!

During this infection I saw a 205MB zip download, which makes the #pcap take a while to load in Wireshark.

Some IOCs with the associated #malware and artifacts are available at https://www.malware-traffic-analysis.net/2025/10/08/index.html

Into malware? SANS talks polymorphism and the inspect module.

https://isc.sans.edu/diary/32354

oh look-see, a Swiss ASN providing services for Russian cybercriminals running crypto theft / scam operations with malicious browser plugins. Research by Koi who call this operator GreedyBear.

Several months ago, GreedyBear started delivering a bitcoin mining scam that I documented almost a year ago from my phone.

mine was at globalminingbit[.]top on Proton66. I have a full 16 min video of the scam. This bitcoin mining scam appears to be a template. the one i experienced used u/o parameters.

according to Koi, GreedyBear has collected at least $1M.. Data indicates GreedyBear is likely operating affiliate "advertising" where they feed the crypto scammers in Russian/BPH hosting space. From a swiss network.

Shockingly, GreedyBear also redirected to these same bitcoin mining scams on Proton66 (different IP).... what a small world. So much to say, so little space.

worth a read. I'd not heard of Koi before. they are former Israeli intel. so probably won't be pressured into taking shit down.

#threatintel #cybercrime #scam #malware #phishing #cybersecurity #infosec

https://www.koi.ai/blog/greedybear-650-attack-tools-one-coordinated-campaign

Smashing Security podcast #438: When your mouse turns snitch, and hackers grow a conscience https://grahamcluley.com/smashing-security-podcast-438/ #SmashingSecurity #Vulnerability #vulnerability #surveillance #Ransomware #databreach #ransomware #Dataloss #Malware #Podcast #Privacy #mouse

Smashing Security podcast #438: When your mouse turns snitch, and hackers grow a conscience - Your computer's mouse might not be as innocent as it looks - and one ransomware crew has ... https://grahamcluley.com/smashing-security-podcast-438/ #smashingsecurity #vulnerability #surveillance #ransomware #databreach #dataloss #malware #podcast #privacy #mouse

New Shuyal Stealer Targets 17 Web Browsers for Login Data and Discord Tokens https://hackread.com/shuyal-stealer-web-browsers-login-data-discord-tokens/ #Cybersecurity #Identitytheft #ShuyalStealer #Infostealer #PointWild #Security #Malware #Discord #Privacy #Windows

XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities
https://thehackernews.com/2025/10/xworm-60-returns-with-35-plugins-and.html #Cybercrime #Malware #XWorm #Plugins