Summary:

Guardio Labs investigated a large-scale fake captcha campaign that spreads Lumma info-stealer malware through malvertising, exploiting ad networks to trick users into executing malicious commands. This intricate scheme highlights significant vulnerabilities within the digital advertising ecosystem. #Malvertising #InfoStealer #CyberSecurity

Key points:

A deceptive fake captcha campaign is distributing Lumma info-stealer malware.…
Short Summary

Guardio Labs has revealed a critical vulnerability in the Opera browser that allows malicious extensions to exploit Private APIs, leading to severe security risks such as screen capturing and account hijacking. The research demonstrates how easily these malicious extensions can be created and distributed through official extension stores, highlighting the ongoing challenges in browser security.…


Short Summary

The article discusses a significant phishing campaign named “EchoSpoofing,” which exploits Proofpoint’s email protection service to send millions of perfectly spoofed emails from well-known brands like Disney, IBM, and Coca-Cola. The campaign leverages authenticated SPF and DKIM signatures to bypass security measures, aiming to deceive recipients into revealing sensitive information.…


By Oleg Zaytsev (Guardio Labs)

Guardio Labs discovered a vulnerability in the Microsoft Edge browser, designated CVE-2024-21388. This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user’s knowledge.…

“SubdoMailing” — Thousands of Hijacked Major-Brand Subdomains Found Bombarding Users With Millions of Malicious Emails

By Nati Tal, Oleg Zaytsev (Guardio Labs)

Guardio Labs uncovers a sprawling subdomain-hijacking campaign that has already compromised over 8,000 domains belonging to esteemed brands and institutions, including MSN, VMware, McAfee, The Economist, Cornell University, CBS, Marvel, eBay and others.…

“Scammers Paradise” — Exploring Telegram’s Dark Markets, Breeding Ground for Modern Phishing Operations

By Oleg Zaytsev, Nati Tal (Guardio Labs)

Over the last few years, the phishing ecosystem has been “democratized.” There was a time when kits, infrastructure, and know-how were available only on invite-only forums on the dark web, hidden behind Tor onion services.…

“MyFlaw” — Cross Platform 0-Day RCE Vulnerability Discovered in Opera’s Browser

By Oleg Zaytsev (Guardio Labs)

The Guardio Labs research team uncovered a critical zero-day vulnerability in the popular Opera web browser family. This vulnerability allowed attackers to execute malicious files on Windows or macOS systems using a specially crafted browser extension.…

“MrTonyScam” — Botnet of Facebook Users Launch High-Intent Messenger Phishing Attack on Business Accounts

By Oleg Zaytsev (Guardio Labs)

Facebook’s Messenger platform has been heavily abused in the past month to spread endless messages with malicious attachments from a swarm of fake and hijacked personal accounts.…

“PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing Facebook Accounts In-The-Wild

By Oleg Zaytsev, Nati Tal (Guardio Labs)

Guardio’s Email Protection has detected a sophisticated email phishing campaign exploiting a 0-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Guardio Labs’ research team has uncovered an actively exploited vulnerability enabling threat actors to craft targeted phishing emails under the Salesforce domain and infrastructure.…

“Malverposting” — With Over 500K Estimated Infections, Facebook Ads Fuel This Evolving Stealer Campaign

By Nati Tal (Guardio Labs)

Malverposting, the use of promoted social media posts and tweets to propagate malicious software and other security threats, is on the rise. One such campaign, linked to a Vietnamese threat actor, has been ongoing for months and has lately gained further traction through resilient deployment techniques; it is estimated to have surpassed 500k infections worldwide so far.…

“FakeGPT” #2: Open-Source Turned Malicious in Another Variant of the Facebook Account-Stealer Chrome Extension

By Nati Tal (Guardio Labs)

Following our discovery of “FakeGPT”, the Facebook Ad Accounts stealer masquerading as a ChatGPT Chrome extension, Guardio’s security team uncovered another variant in a new campaign that is already hitting thousands of users a day.…

“FakeGPT”: New Variant of Fake-ChatGPT Chrome Extension Stealing Facebook Ad Accounts with Thousands of Daily Installs

By Nati Tal (Guardio Labs)

A Chrome extension offering quick access to fake ChatGPT functionality was found to be hijacking Facebook accounts and installing hidden account backdoors. Particularly notable is its use of a malicious, silently forced Facebook app “backdoor” that grants the threat actors super-admin permissions.…
