Key Takeaways

A new Android banking Trojan, “Brokewell”, was identified being distributed via a fake Chrome update phishing site.

The malware’s development is attributed to the developer, “Baron Samedit,” who manages the “Brokewell Cyber Labs” project. 

Utilizing Gitea, the malware developer hosts the Brokewell Android Loader project repository and shares underground forum links related to their profile. …

Summary: The Department of Justice has announced the arrest of the founders of Samourai Wallet, a cryptocurrency mixing service that allegedly facilitated money laundering and sanctions evasion, obscuring the origins of at least $100 million in criminal proceeds.

Threat Actor: Samourai Wallet

Victim: N/A

Key Point:

The founders of Samourai Wallet, Keonne Rodriguez and William Lonergan Hill, created features explicitly designed to help criminals engage in large-scale money laundering and sanctions evasion.…

Summary: The Federal Trade Commission (FTC) is providing $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or whose accounts and devices were hacked because of insufficient security measures.

Threat Actor: Amazon employees and contractors

Victim: Ring users

Key Point:

The FTC is sending $5.6 million in refunds to Ring users who had their private video feeds accessed without consent or experienced security breaches.…

Victim: hominemclinic.com.br

Country: Unknown

Actor: qiulong

Source: http://62brsjf2w77ihz5paods33cdgqnon54gjns5nmag3hmqv6fcwamtkmad.onion/?p=142

Discovered: 2024-04-25 00:17:01.138591

Published: 2024-04-24 19:44:01.000000

Description:

We are a medical clinic specialized in male sexual health care, focusing on the treatment of erectile dysfunction, premature ejaculation, and andropause. Message to all men with sexual problems who are Hominem patients: THIS CLINIC DOES NOT PROTECT YOUR DATA AND YOUR PRIVACY, AND SOON EVERYONE WILL KNOW ABOUT YOUR PROBLEMS.…

Threat Actor: APT73 (Eraleign)

Victim: Trifecta Technologies, Inc.

Price: Not specified

Exfiltrated Data Type: Private and personal confidential data, Confluence dump, client documents, budget, payroll, IDs, taxes, finance information, personal details of employees

Additional Information:

APT73 is a new ransomware group known as Eraleign.…

Summary: Security vulnerabilities in cloud-based pinyin keyboard apps have been discovered, which could allow threat actors to access users’ keystrokes.

Threat Actor: Various threat actors targeting users of cloud-based pinyin keyboard apps.

Victim: Users of cloud-based pinyin keyboard apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi.…


Summary: The US State Department is imposing visa restrictions on individuals involved in the development and sale of commercial spyware, specifically those who have used it against journalists, academics, human rights defenders, dissidents, and US government personnel.

Threat Actor: Commercial spyware developers and sellers.

Victim: Journalists, academics, human rights defenders, dissidents, and US government personnel.…


Key Takeaways

Cyble Research & Intelligence Labs (CRIL) identified a DragonForce ransomware binary based on LOCKBIT Black ransomware, suggesting the threat actors behind DragonForce used a leaked builder of LOCKBIT Black ransomware to generate their binary. 

In September 2022, an X (Twitter) user shared the download link for the LockBit ransomware builder, which allows threat actors to customize ransomware payloads according to their preferences. …

Victim: www.drwilliansegalin.com.br

Country: Brazil

Actor: qiulong

Source: http://62brsjf2w77ihz5paods33cdgqnon54gjns5nmag3hmqv6fcwamtkmad.onion/?p=128

Discovered: 2024-04-24 00:10:12.685358

Published: 2024-04-23 19:56:05.000000

Description:

Another outlaw plastic surgeon who does not protect his patients’ privacy safely. Dr. Willian, if you care about your patients’ data and privacy, stop driving your Mustang around like a negligent doctor and avoid remaining silent.…

Threat Actor: Unknown

Victim: Chinese iPhone and Huawei users

Price: $6200 for iPhone dataset, $1300 for Huawei dataset

Exfiltrated Data Type: Personal information of iPhone iOS and Huawei mobile phone users in China

Additional Information:

The database contains the personal information of iPhone iOS and Huawei mobile phone users across China.…
Key Points

Avast discovered and analyzed a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers.

Avast disclosed the vulnerability to both eScan antivirus and India CERT. On 2023-07-31, eScan confirmed that the issue was fixed and successfully resolved.

The campaign was orchestrated by a threat actor with possible ties to Kimsuky.

Two different types of backdoors have been discovered, targeting large corporate networks.

The final payload distributed by GuptiMiner was also XMRig.

Introduction

We’ve been tracking a curious one here.…


Victim: draandrearechia.com.br

Country: Unknown

Actor: qiulong

Source: http://62brsjf2w77ihz5paods33cdgqnon54gjns5nmag3hmqv6fcwamtkmad.onion/?p=75

Discovered: 2024-04-23 02:00:47.923489

Description:

Dr. Andrea Rechia is another Brazilian plastic surgeon who doesn’t care about the data and privacy of her patients. Numerous attempts were made to contact her; however, she chose to remain silent instead of protecting her patients’ privacy.…

Summary: Hackers are targeting messaging apps used by the Ukrainian armed forces in an attempt to plant data-stealing malware, according to a report from CERT-UA.

Threat Actor: UAC-0184

Victim: Ukrainian armed forces

Key Point:

Hackers identified as UAC-0184 are targeting Ukrainian armed forces’ messaging apps with data-stealing malware.…

Summary: Cybersecurity researchers have discovered almost 30 phishing websites that are impersonating the electronic toll collection service E-ZPass, following an FBI warning about smishing attacks targeting road toll collection services.

Threat Actor: Unknown threat actor

Victim: E-ZPass customers and users of road toll collection services

Key Point:

Cybersecurity researchers have identified nearly 30 newly created domains related to tolls, 15 of which are likely to be used for phishing, malware, or spam.…

Curated bookmark list categorized by area and event monitoring, person of interest search, corporate profiling, mapping, AI, intelligence analysis, reporting tools, collective tools, cryptocurrency, country specific, verification and fact-checking.

They are broken down into appropriate categories such as:

area and event monitoring

person of interest search

corporate profiling

mapping

artificial intelligence

intelligence analysis

reporting tools

collective tools

cryptocurrency

country specific

verification and fact-checking.…

Victim: www.drlincoln.com.br

Country: Brazil

Actor: qiulong

Source: http://62brsjf2w77ihz5paods33cdgqnon54gjns5nmag3hmqv6fcwamtkmad.onion/?p=50

Discovered: 2024-04-22 04:36:40.432900

Description:

If you are a patient of Dr. Lincoln Graça Neto, you should know that he doesn’t care about your data and your privacy. The clinic is located in Curitiba, in the Batel neighborhood, a noble area of the capital of Paraná, with easy access and a modern and pleasant physical structure.…

As the digital landscape continues to evolve, the United States finds itself at the forefront of emerging cybersecurity challenges. With its critical infrastructure, extensive government networks, and vibrant economy, the nation remains a prime target for a myriad of cyber threats. From state-sponsored actors seeking to undermine national security to sophisticated cybercriminal organizations aiming to exploit vulnerabilities for financial gain, the USA’s threat landscape is diverse and complex.…


In early 2024, Group-IB’s Threat Intelligence team observed a surge in phishing URLs targeting INTERAC, a Canadian payment service. Subsequently, a client operating in Canada reported an uptick in phishing attempts against their customers and shared a suspicious URL, lab-host[.]ru, prompting an investigation.

This inquiry unveiled a connection between the shared URL and INTERAC phishing pages, all originating from the LabHost Phishing-as-a-Service (PhaaS) platform.…
