Summary:
Throughout 2024, Bitdefender Labs has identified a series of malvertising campaigns exploiting platforms like Facebook to distribute malware disguised as legitimate applications. A notable campaign involves a fake Bitwarden extension that lures users into installing harmful software by impersonating a security update. This campaign targets a wide demographic across Europe and utilizes deceptive ads, redirect chains, and extensive data collection methods to compromise user security.…
Author: Bitdefender
Summary:
In recent research, Bitdefender Labs has uncovered a sophisticated malvertising campaign leveraging Meta’s advertising platform to distribute SYS01 InfoStealer malware. This ongoing attack impersonates popular brands to trick users into downloading malicious software, highlighting the evolving tactics of cybercriminals in exploiting advertising channels for personal data theft.…
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack’s aim, we believe the threat actor is aligned with China’s interests.…
In a recent investigation by Bitdefender Labs, a series of cyberattacks targeting high-level organizations in South China Sea countries revealed a previously unknown threat actor. We’ve designated this group “Unfading Sea Haze” based on their persistence and focus on the region. The targets and nature of the attacks suggest alignment with Chinese interests.…
The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the increased demand for AI-powered software among content creators.
Cybercriminal groups constantly adapt their operating methods and tools to stay a step ahead of potential victims.…
Here at Bitdefender, we’re constantly working on improving detection capabilities for our macOS cyber-security products; part of this effort involves revisiting old (or digging up new) samples from our malware zoo. During routine verifications, we were able to isolate multiple suspicious and undetected macOS disk image files that were surprisingly small for files of this kind (1.3 MB per file).…
Social media platforms offer immense opportunities for financially motivated threat actors to conduct large-scale attacks against unsuspecting Internet users. Fraudulent and malicious threats are prevalent on all social networks and it has become crucial for users to be aware of the latest tricks that can compromise the security of their accounts, data, reputation and finances.…
Booking engines – they make the worlds of travel and hospitality spin around. Estimated at over US$500 billion, this market moves fast. These engines are a critical, nearly invisible part of the hospitality industry, and their security is essential to protect guests’ personal and financial information.…
For the past few years, hackers have increasingly targeted customers and businesses with tainted software boosted via ads. The recipe is simple – cyber-criminal groups set up fake websites for high-interest software and promote them on top of the results page through advertisements.
It takes just one search and one click for a user to fall victim to the trick.…
Modern cyber-crime rings are becoming increasingly attracted to the use of legitimate components to achieve their goals. Execution of malicious components via DLL hijacking and persisting on affected systems by abusing legitimate scheduled tasks and services are just a few examples of their agility and focus.…
During routine detection maintenance, our Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit. The following analysis is incomplete, as we are trying to identify the puzzle pieces that are still missing.…
June 9 Update:
The oldest sample we were able to track until now (e69b50d1d58056fc770c88c514af9a82) shows the malware during its early development stage. Dated 2023-04-12, it looks like a Stage 2 sample with the C&C address set to 127.0.0.1, which leads us to believe that it was used for testing.…