Tag Archives: Campaign

Skype, Google Meet, and Zoom Used in New Trojan Scam Campaign

A threat actor has been distributing remote access Trojans (RATs) on Android and Windows operating systems using online meeting lures, according to cloud security provider Zscaler.

This campaign has been ongoing since at least December 2023, observed Zscaler’s threat intelligence team, ThreatLabz.

The distributed RATs include Android-focused SpyNote RAT and Windows-focused NjRAT and DCRat.

Malicious APKs and BAT Files Leading to RAT Payloads

To lure its victims into downloading the RATs, the threat actor created several fake online meeting sites, impersonating brands like Microsoft-owned Skype, Google Meet and Zoom.

“All of the fake sites were in Russian,” noted Zscaler ThreatLabz researchers.

The attacker utilized shared web hosting services to host all these websites on a…


Source link

A new Microsoft Azure hacking campaign is targeting high-end executives

Hackers are going after highly-positioned professionals, including senior executives, with targeted phishing and cloud account takeover attacks, new research has claimed.

A report from Proofpoint outlined a new campaign to compromise Microsoft Azure environments and cloud accounts since late November 2023.


Source link

VERA FILES FACT CHECK: FB post promotes FAKE Meta ad campaign optimization tool

Filipinos shared an online post claiming that Meta, the American multinational company operating Facebook (FB), launched a new ad campaign optimization tool powered by artificial intelligence (AI) called MetaAI. This is fake.

The Aug. 24 post by FB page Meta.Ai carries a link to a website where users are baited into downloading and installing a Windows program infected with a computer virus called Trojan. 

VERA Files has reached out to Meta but the company has yet to issue a statement about this.

This bogus post used the name of Meta AI, an academic research laboratory under Meta which has produced AI-based projects such as videos generated from text and speech recognition.

Meta offers application programming interfaces (APIs) as well as a set of AI-based tools


Source link

Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption


Jessica Haworth

24 February 2023 at 13:09 UTC

Updated: 24 February 2023 at 13:15 UTC

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

witter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption

Twitter faced further criticism this week when Elon Musk’s social networking platform announced SMS-based 2FA will only be available to paying customers going forward.

The social media site historically enabled two-factor authentication (2FA) to all users, providing they connected their mobile phone number to their account.

This week, however, users were warned that this security option would no longer be available to users who did not pay for verification.

Of course, this sparked huge backlash online,…


Source link