Tag Archives: Spreads

‘Vortax’ Meeting App Builds Elaborate Branding, Spreads Infostealers

A widespread campaign aimed at stealing cryptocurrency is spreading a wave of infostealers through fake virtual meeting software for both macOS and Windows platforms, particularly targeting the former with the dangerous Atomic stealer.

Discovered by Recorded Future’s Insikt Group, the campaign attributed to a threat actor dubbed “Markopolo” is responsible for an elaborate Web and social media presence for a fake app called Vortax, according to a report (PDF) published this week.

Vortax is purported to be virtual meeting software for various platforms but actually is a delivery mechanism for three infostealers: Rhadamanthys, Stealc, and Atomic, the researchers found. Attackers target cryptocurrency users in the campaign through social media and Telegram channels for the purpose of…


Source link

The Travels of “markopolo”: Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications

insikt-group-logo-updated-3-300x48.png

Recorded Future’s Insikt Group identified that Vortax, a purported virtual meeting software, spreads three infostealers—Rhadamanthys, Stealc, and Atomic macOS Stealer (AMOS). This extensive campaign targets cryptocurrency users, exploiting macOS vulnerabilities. Operated by the threat actor “markopolo,” this campaign has significant implications for macOS security, indicating a potential increase in AMOS attacks.

The Travels of “markopolo”: Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications

While monitoring data in Recorded Future Malware Intelligence, Recorded Future’s Insikt Group has identified a widespread cyberattack campaign involving Vortax, a supposed virtual meeting software. Once downloaded…


Source link

GoDaddy Hack Spreads to 6 More Web Hosts

The hack that exposed the details of 1.2 million GoDaddy customers has spread to six more web hosts. As Search Engine Journal reports, the six additional web hosts are all resellers of GoDaddy’s WordPress hosting services and include 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple, and tsoHost.

Customers of at least two of these web hosting companies have been sent emails very similar to the one GoDaddy sent out regarding the security breach. The hack they experienced also targeted Managed WordPress accounts and managed to leak email addresses, customer numbers, WordPress Admin passwords, sFTP database usernames and passwords for active customers, and in some cases SSL private keys.

WordPress security plugin maker Wordfence confirmed the hack has spread to these web…


Source link

Data Breach Spreads To Six Web Hosts

The GoDaddy data breach that affected up to 1.2 million web hosts has expanded to six more web hosts serving customers worldwide. The six additional compromised web hosts are resellers of GoDaddy’s hosting services. The extent of the intrusion appears to be the same as with GoDaddy, with matching dates of when the security intrusion began.

The six compromised web hosting providers are:

  • 123Reg
  • Domain Factory
  • Heart Internet
  • Host Europe
  • Media Temple
  • tsoHost

Advertisement

Continue Reading Below

Precise Dates of Intrusion

The state of California published notification of a security breach submitted by GoDaddy on November 23, 2021.

In the California notification GoDaddy provided specific dates for the security intrusions.

The dates of intrusion…


Source link