Microsoft admits #GitHub hosted #malware that infected almost a million devices - https://www.theregister.com/2025/03/10/infosec_in_brief/ #awkward
Elon Musk said a “massive cyberattack” disrupted X on Monday and pointed to “IP addresses originating in the Ukraine area” as the source of the attack. Security experts say that's not how it works. Read more at @WIRED. #X #ElonMusk #Malware #Cyberattack #Twitter #Tech #Technology https://flip.it/nwqrow
A 55-year-old software developer faces up to 10 years in prison for deploying malicious code that sabotaged his former employer's network. Via @ArsTechnica. #Malware #Tech #Technology #Cybersecurity https://flip.it/QhHHuG
Warner Bros. Discovery seeks dismissal of Superman case, pirate streaming sites infect millions of devices and Apple wins Tetris case.
https://www.plagiarismtoday.com/2025/03/10/3-count-tetris-block/
@linux_pl Has any of you played with hBlock*? How does it compare with uBlock (apart from the fact that it works system-wide rather than only in a single browser)?
* "hBlock is a POSIX-compliant shell script that gets a list of domains that serve ads, tracking scripts and malware from multiple sources and creates a hosts file, among other formats, that prevents your system from connecting to them."
https://github.com/hectorm/hblock
#blokowanieReklam #adBlock #reklamy #malware #tracking #hblock #Linux
⚠️ Github scam investigation: Thousands of "mods" and "cracks" stealing your data
—Tim.sh
「 As soon as you download and launch any of these, all the data from your computer is collected and sent to some discord server - where hundreds of people crawl through the data searching for crypto wallet private keys, bank accounts and social media credentials, and even Steam and Riot Games accounts 」
https://timsh.org/github-scam-investigation-thousands-of-mods-and-cracks-stealing-your-data/
New #FrigidStealer #infostealer infects Macs via fake browser updates
I learned yesterday that #Epson is a #ransomware group. No less.
They use #malware that degrades users' computers in order to extort money.
On a Windows computer with Epson software package installed, the software will intentionally degrade the printing quality if it detects non-Epson ink cartridges in the printer. The degradation is so blatant that the output is unusable.
If you remove all Epson software, Windows will happily use its own driver and the output is perfect.
Lumma Stealer is currently one of the most popular malware families. Campaigns involving this info stealer have a notable presence in DNS. We've been tracking a threat actor that deploys a large number of domains to advertise file share links dropping Lumma Stealer. These campaigns are interesting because the actor uses a traffic distribution system (TDS), cloaking, and web tracking technology (e.g. Matomo, Bablosoft) to hide and protect the malicious content. Here are recent examples of the TDS and landing page domains.
An attack that we investigated today showed a new Lumma Stealer payload and C2 domain that is only a day old.
#malware #lummastealer #c2 #tds #tracker #cloaking #dns #mastodon #threatintel #cybercrime #threatintelligence #cybersecurity #infosec #infoblox #infobloxthreatintel
The hack that turned the US government website of the Center for Disease Control into a porn site turns out to be more interesting than I originally thought. And that's not just because the CDC has not done anything to fix the problem 24 hours later...
Yesterday we found that a number of universities, enterprises and other government sites have been hacked by the same actor. Visiting the specific URLs takes you into a malicious adtech traffic distribution system (TDS). Depending on your device and location, you might get the pornography, but you also might get other scams like scareware. From my sacrificial phone, I was able to trigger a bunch of push notification requests.
Bottom Line: malicious adtech pays, their TDS allow actors to hide, and hackers are quite happy to compromise well known websites to get that money. But it's not just about scams, these types of techniques are frequently used for delivering information stealers, which lead to breaches.
Here's a few notes about the attack:
* The site is modified to add pages which attempt to load a specific image name. If that isn't there, then it redirects to the actor controlled malicious domain which funnels into the TDS
* The actor seems to be using blogspot for this now, but previously used a tiny URL. From here they will go to adtech TDS.
* There were what seemed possibly to be dangling CNAME records in many cases, but in some of them there didn't appear to be any issues with the DNS records. I suspect a combo of accesses.
* In cases where there's no apparent DNS record issue, the legit site seems to be hosted on GitHub. Perhaps they have a credential compromised.
* I saw at least two adtech companies used, Adsterra and Roller Ads; these are checking for VPN and anonymous proxies before serving the final landing page.
* This image redirect actor seems to be riding off of a different actor who originally hacked the site, uses SEO poisoning techniques, and hacked universities to host porn content.
I put a bunch of images in imgur.
Thanks Krebs for the lead.
#dns #cybercrime #cybersecurity #infosec #adtech #malware #scam #threatintel #tds #InfobloxThreatIntel
https://imgur.com/a/cdc-website-hijack-leads-to-malicious-adtech-XfguIcN
Week 7 of the #Privacy Roundup is out, covering:
- #Google reCAPTCHA not effective in blocking bots, but is highly effective in fingerprinting users
- Game infected with #malware published on Steam
- #Apple released an emergency update fixing an exploited zero-day on #iOS devices
- DOGE leaks classified intel on its website
- @mullvadnet partners with Obscura #VPN
- #Microsoft Patch Tuesday
… and more.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #06/2025 is out!
It includes the following and much more:
➝ #Malware in Several Apps on Official Mobile App Stores
➝ #Ransomware Payments Dropped 35% in '24
➝ Discoveries about #DeepSeek (lack of) Privacy
➝ EU Released Guidance on its #AI Act
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
https://infosec-mashup.santolaria.net/p/infosec-mashup-062025?r=299go8
Hey gang, the tolltag phishing text scam is making the rounds again. It just landed on my phone. For those of us in cities where tollways are the easiest way across metroplexes, it can be easy to think "oh, huh... I wonder if I've used my prepaid balance?" if you've crossed the cities more than once. Always go to the website or app of the tollway authority... do not ever click links in text messages from unknown numbers. Especially when they start with an Eastern European country code.
And even if you're too savvy to fall for this phish, you probably know people who would click, so sending them this link couldn't hurt.
https://malwaretips.com/blogs/fastrak-thetollroads-com-scam-texts/
The March issue is available now -- Issue 292: What Comes After Git? This month we look at the ambitious Pijul project and the effort to build a next-generation version management system based on patches rather than snapshots.
https://mailchi.mp/linux-magazine.com/linux-magazine-preview-issue-292-march-2025
#Linux #Pijul #RHEL #AI #malware #RaspberryPi #OpenSource #Piwigo #Android #Manjaro #AlmaLinux #GNOME
Hi everyone. @threatresearch taking over the X-Ops feed today with a cool story.
Beginning in November 2024, we began to see an uptick in the number of spam emails that had an unusual attachment – an .svg file. This is a graphics format, and one might think that a picture can’t be unsafe, but in this case, one would be wrong.
https://news.sophos.com/en-us/2025/02/05/svg-phishing/
1/9
For the first time, Apple's App Store has been infected with photo scanning malicious software used to steal crypto wallets, according to researchers at Kaspersky.
AI-powered scams using deepfakes are evolving rapidly, pushing experts to urge heightened vigilance in online security. https://www.japantimes.co.jp/news/2025/01/30/world/society/deepfakes-internet-users-alert/?utm_medium=Social&utm_source=mastodon #worldnews #society #deepfakes #ai #misinformation #propaganda #china #us #europe #russia #chatgpt #openai #verizon #intel #onlinescams #phishing #malware
Data Privacy Day was January 28th, but there is still time to take advantage of our special offer. Save 50% on select Linux Magazine and @adminmagazine print and digital editions. Each issue includes data privacy and security content to help you protect your data and your organization's data. Sale ends February 7th!
https://shop.linuxnewmedia.com/shop/category/data-privacy-day-print-issues-47
#Privacy #DataPrivacyDay #security #Linux #OpenSource #malware #FOSS #kernel #tools
It's Data Privacy Day! We are marking the occasion with special deals on privacy-related content. Browse the catalog and save 50% on select back issues of ADMIN and @linuxmagazine https://shop.linuxnewmedia.com/shop/category/data-privacy-day-print-issues-47
#DataPrivacyDay #malware #security #privacy #kernel #OpenSource #FOSS #phishing
So far I have published 13 articles (862 pages) to help other professionals in the cybersecurity community:
ERS 03: https://exploitreversing.com/2025/01/22/exploiting-reversing-er-series-article-03/
ERS 02: https://exploitreversing.com/2024/01/03/exploiting-reversing-er-series-article-02/
ERS 01: https://exploitreversing.com/2023/04/11/exploiting-reversing-er-series/
MAS 10: https://exploitreversing.com/2025/01/15/malware-analysis-series-mas-article-10/
MAS 09: https://exploitreversing.com/2025/01/08/malware-analysis-series-mas-article-09/
MAS 08: https://exploitreversing.com/2024/08/07/malware-analysis-series-mas-article-08/
MAS 07: https://exploitreversing.com/2023/01/05/malware-analysis-series-mas-article-7/
MAS 06: https://exploitreversing.com/2022/11/24/malware-analysis-series-mas-article-6/
MAS 05: https://exploitreversing.com/2022/09/14/malware-analysis-series-mas-article-5/
MAS 04: https://exploitreversing.com/2022/05/12/malware-analysis-series-mas-article-4/
MAS 03: https://exploitreversing.com/2022/05/05/malware-analysis-series-mas-article-3/
MAS 02: https://exploitreversing.com/2022/02/03/malware-analysis-series-mas-article-2/
MAS 01: https://exploitreversing.com/2021/12/03/malware-analysis-series-mas-article-1/
Even though I have very limited time to write, I hope to be able to share new articles soon.
Have a great day.
#reverseengineering #vulnerability #research #windows #chrome #informationsecurity #infosec #kernel #drivers #malware #windows #macOS #linux
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #03/2025 is out!
It includes the following and much more:
➝ Data of 15K of #FortiGate Devices Dumped
➝ Biden's New Cyber Executive Order
➝ PlugX #Malware Deleted from over 4,200 Infected Systems
➝ Governments Call For #Spyware Regulations
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
https://infosec-mashup.santolaria.net/p/infosec-mashup-032025?r=299go8
Many malicious adtech companies offer what they call a "smartlink" to marketing affiliates. These affiliates publish the smartlink URL on a website, an Instagram post, a Facebook ad, etc. and receive a commission based on some criteria of the adtech company.
But what is a smartlink really? You can think of it like this...
A Guy tells you he'll pay you to deliver packages. You can deliver them to anyone you want. Here's the catch: you only get paid if the recipient buys the contents AFTER they open it.
You don't know what's inside the packages, but the Guy gives you a hint by labeling it "mainstream", "dating", "gaming" etc. This way you can try to find people who are most likely to buy the content inside.
So you run all around town handing out packages, being super creative and decorating them so people will open the box... and hoping they'll buy what's inside when they do. The Guy decides what's in the package and whether you get paid.
Sounds smart, right?
VexTrio's Los Pollos is one company that offers smartlinks, but there are many others, including Propeller Ads (via Monetag). Some call them direct links. For the technical folks - these links enter the user/victim into the traffic distribution system (TDS). These links are used to deliver everything from scams to malware.
#adtech #cybercrime #threatintel #cybersecurity #infosec #tds #vextrio #infoblox #infobloxthreatintel #scam #malware #phishing
13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks https://thehackernews.com/2025/01/13000-mikrotik-routers-hijacked-by.html